VMware Communities
sicapoo17
Contributor

VCE (edge) brownfield deployment with 3rd party firewall

Hi Folks,

Good day. I'm trying to set up a brownfield topology wherein:

Sample topology:

ISP 1/ISP2 ---->VCE via GE1 and GE2------LAN1 --------------->3rd party firewall----------------> core switch

I've configured the 3rd party firewall with a local IP connected to VCE LAN1 and a default route 0/0 pointing to VCE LAN1.

All internet routes will traverse the 3rd party firewall (L3), then VCE LAN1; the VCE will have GE1 and GE2 connected to the ISPs.

My issues:

- VCE monitoring dashboard will only see the 3rd party firewall IP (of course), since it is NATed.
- I cannot monitor end users' actual IP addresses behind the 3rd party firewall.
- The idea is that the 3rd party firewall should not be removed.
- Branch-to-hub VPN is not working.
- AWS to VCE gateway is not working.

Can someone please recommend the best approach on this kind of setup?

Thanks,

A

0 Replies