Core Based Routing with VLANs question

Hi, I don't have any available ports on my firewall, and need to route an extra internal network. It has been suggested I configure a virtual interface. Instead of doing this, can I route this new subnet to my core (10.10.0.1), which can bounce it off the Firewall (10.10.10.6), and then I can configure the policy rules to allow the traffic to get to the other network via the core through the same interface - sort of like "bouncing" it off the single interface? This way I could accomplish routing traffic between the 2 networks without requiring an additional interface.

So today I have: source (204.187.70.10) next hop is core (10.10.0.1). Core has a route to FW (10.10.0.6) for anything which is not local LAN (10.10.0.0). FW has a static route for 204.187.70.0/24 back to the core (10.10.0.1). This way, I am routing 2 networks through the core via my FW, without using up a dedicated interface on the FW for the 204.187.70.xxx network.

Could I thus add a new network and do core routing without having to configure a virtual int on my FW?

Thanks!!

Last edited by karimi; 2007-02-05 at 11:01.