Connection issue across subnets

Unanswered Question

I have 2 sites which are connected via a VPN tunnel.

Site A is the main HQ

Site B is in Cali

in Site B we have a 4503 which has several 3560s connected to the 4503 via fiber trunks.

when trying to communicated with the VPN by means of Ping or telnet we can not connect to it. we can connect to all of the 3560s which are pluged in to the 4503.

I think the command which is allowing the 3560s to work is the ip classless command. but there is no ip classless command for the 4503 running 12.2 IOS

if I connect to one of the 3560s in site B I can telnet and ping the 4503 just fine.

what am I doing wrong

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Wed, 05/09/2007 - 12:09

Verify the default gateway on the 3560s and match it on the 4503 with the command

ip default-gateway [gateway ip]

Have you tried turning routing on the 4503 ?

Type 'ip routing' in config mode and then try the ip classless command. However, ip classless won't give you the ability to communicate to other subnets.

You need a gateway in the 4503 switch or a device on that segment serving as an ip proxy.

Edison Ortiz Wed, 05/09/2007 - 12:14

Verify the Layer 3 information on the 4503 is on the same VLAN as the Layer 3 information on the 3560s.

Do you mind posting configs ?

Edison Ortiz Wed, 05/09/2007 - 12:41

Very simple config.

Can the 4503 ping 192.168.60.1 ?

What device is 192.168.60.1 ?

Can you post show ip route from both the 3560 and 4503 ?

Edison Ortiz Thu, 05/10/2007 - 05:57

I recommend verifying the CheckPoint logs and check for packets being drop to/from the 4503 address.

gerard van rij Wed, 05/23/2007 - 04:51

Hi bdillon,

any luck yet? I have the same problem. 3560's give no problem, only my 4503. we also use checkpoint firewall, but there is nothing to see there.

regards,

Gerard

gerard van rij Wed, 05/23/2007 - 06:12

I think there is something with the default-gateway. if I do the command sh ip route on my 3560 I see the configured default gateway.

If I do this on my 4503 I get a message no gateway of last resort. although I did configure the ip default-gateway command

regards,

gerard

Actions

This Discussion