LM-WIN2012-DC1 LM-FMC1

(Domain Controller
(Cisco Firepower MC 6.1)
DNS/CA)

VLAN32 .40 .107

172.16.32.0/24
Loopback100
Transparent FW (BVI .249)
.250 172.16.13.1/24
Loopback101 Loopback100
Loopback0
172.16.14.1/24 1.1.0.1/24
192.168.0.1
mgmt Loopback101
Loopback0 LM-GATEWAY 1.1.1.1/24
LM-HQ-FW2 172.16.0.3 Loopback102
1.1.2.1/24
VLAN332 LM-HQ-R2
BGP AS 200
.2 Gi0/1 .1
172.16.12.0/24 BGP AS 100
VLAN10 VLAN192
.1 Gi1/4 192.168.10.0/24
.1 172.16.10.0/24
Loopback0 .1 .2 Gi1/1 .251 BGP AS 100
SW1 Internet
172.16.0.1 Gi1/2 Gi1/3
mgmt .250

LM-HQ-FW1 Routed FW

Static Route Scenarios
1. Create Null0 route for 4.2.2.2, test, then remove
2. Create IP SLA to allow failover default route
from 192.168.10.1 to 172.16.12.2 by tracking
8.8.8.8
SW1
BGP Scenarios
1. Create BGP peers
- eBGP to ISP at 192.168.0.1
- iBGP peer to LM-HQ-R2 at 172.16.12.2
- Advertise 172.16.10.0/24 and 172.16.12.0/24
2. Redistribute inside static route 172.16.0.0/12 to BGP
3. Do not advertise 172.16.10.0/24 to BGP
4. Advertise summary route 172.16.0.0/12 to ISP
5. Internet route filter to allow
Inbound: Allow 0.0.0.0/0, 1.1.0.0/23 (local pref 200)
Outbound: 172.16.0.0/12
Prepend AS 100 100
Community List (100:100, Internet)
AS-List ^$