1. Home
    2. VM-Series
    3. VM-Series Deployment Guide
    4. Set Up a Firewall in Cisco ACI
    5. Integrate the Firewall with Cisco ACI in Network Policy Mode
    6. Deploy the Firewall to Secure North-South Traffic in Network Policy Mode
    7. Create an External Routed Network
    End-of-Life (EoL)

    Create an External Routed Network

    The firewalls pass IP routing information to the ACI ovar a Layer 3 OSPF network. ACI uses a switch virtual interface (SVI) on the leaf switches with an IP address on each switch for connection resilience. Create a Layer 3 routed network to peer with the firewall using OSPF.
    1. On the
      Tenants
       tab, double-click on the name of your tenant.
    2. Select
      Networking
      External Routed Networks
      .
    3. Right-click
      External Routed Networks
       and select
      Create Routed Outside
      .
    4. Enter a descriptive
      Name
       for your
      External Routed Network
      .
    5. Select your VRF with external connectivity from the
      VRF
       drop-down.
    6. Select the external routed domain you created previously form the
      External Routed Domain
       drop-down.
    7. Select
      OSPF
      .
    8. Enter an
      OSPF Area ID
      . The Area ID can be expressed in decimal number or dotted decimal form. For example, Area 1 is the same as Area 0.0.0.1 or Area 271 is the same as Area 0.0.1.15. The Area ID range is 0 (0.0.0.0) to 4294967295 (255.255.255.255).
    9. Select
      Regular Area
       for the
      OSPF Area Type
      .
    10. Click the plus (+) button to the right of
      Nodes and Interface Profiles
       to create a Node Profile with a node that for the border-leaf switches that connect to the firewall.
    11. Enter a descriptive
      Name
       for your
      Node Profile
      .
    12. Attach nodes to your Node Profile.
      1. Click the plus (+) button to the right of
        Nodes
        . This opens the
        Select Node
         window.
      2. Select the node that your firewall is connected to from the
        Node ID
         drop-down.
      3. Enter the IP address of the router attached to the leaf switch in
        Router ID
        .
      4. Click
        OK
        .
      5. Click the plus (+) button to the right of
        Nodes and Interface Profiles
        .
      6. Enter a descriptive
        Name
         for your
        Node Profile
        .
      7. Click the plus (+) button to the right of
        Nodes
        . This opens the
        Select Node
         window.
      8. Select the node that your secondary HA firewall is connected to from the
        Node ID
         drop-down.
      9. Enter the IP address of the router attached to the second leaf switch in
        Router ID
        .
      10. Click
        OK
        .
    13. Attach an OSPF Interface Profile for your Node Profile.
      1. Enter a descriptive
        Name
         for your OSPF Interface Profile.
      2. Click
        Next
        .
      3. Select
        Create OSPF Interface Policy
         from the OSPF Policy drop-down.
      4. Enter a descriptive
        Name
         for your OSPF Interface Policy.
      5. Select
        MTU Ignore
        .
      6. Click
        Submit
        .
      7. Click
        Next
        .
      8. Click
        SVI
        .
      9. Click the plus (+) button to the right of
        SVI Interfaces
        . This opens the
        Select SVI
         window.
      10. Click
        Virtual Port Channel
        .
      11. Select the Path to the port and port channel interface where the firewall connects to the leaf switch.
      12. In
        Encap
        , enter the VLAN encapsulation used for your layer 3 outside profile.
      13. Select
        Trunk
         for Mode.
      14. In the
        Side A IPv4 Primary Address
         field, enter the primary IP address of the path attached to the layer 3 outside profile.
      15. In the
        Side B IPv4 Primary Address
         field, enter the secondary IP address of the path attached to the layer 3 outside profile.
      16. Click
        OK
        .
    14. Click
      OK
       to close the Create Interface Profile window.
    15. Click
      OK
       to close the Create Node Profile window.
    16. Click
      Next
      .
    17. Click the plus (+) button to the right of
      External EPG Networks
      . This opens the
      Create Routed Outside
       window.
    18. Enter a descriptive
      Name
       for you External Network.
    19. Add a subnet to you External Network.
      1. Click the plus (+) button to the right of
        Subnets
        .
      2. Enter the IP address and mask of the subnet’s default gateway.
      3. Select
        Export Route Control Subnet
        .
      4. Select
        External Subnets for External EPG
        .
      5. Click
        OK
        .
    20. Click
      Finish
      .

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2022 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo