VLAN to WAN Communication Issue

Jul 12th, 2007

Before I get into the details let me give the details of my modest little network:

I have 1 Cisco 3750 (SMI) serving as my core switch/router. This switch has InterVLAN Routing set up, including the SVIs for 4 subnets ( - .40.1). My access layer switches are Cisco 2960 L2 switches, each assigned a specific VLAN and 2 trunk lines (dot1q) with etherchannel back to the core switch. My management VLAN is simply VLAN 1 with IPs of - .1.4.

My WAN connection is currently a single L3 port with an IP of connecting to the LAN port of a Linksys RV042 with Firewall & VPN services. The Linksys also has a route sending all traffic to its LAN port or back to the core switch. I also have a default route set for which effectively sends all non-LAN traffic out to the Linksys device and this is where it gets weird (*I do not have RIP turned on on my core switch.):

I can ping both FQDNs and IP addresses from my core switch console and everything works fine. However, as soon as I try to do the same thing from a VLAN connection (or a PC connected to the VLAN) all I can get is DNS services (www.yahoo.com gets translated to an IP address) but after it hits the DNS I get timeout errors.

I ran a traceroute on the switch (and a tracert on the XP machine I'm testing from) and I go from the VLAN to the Linksys Device out to the ISP DNS Server and then nothing but timeouts after that.

From what I can tell, the inbound IP traffic is not being properly delivered from the Linksys device back to the Core or from the core to the VLANs.

To muddy the water even more I can ping a computer or resource on my Intranet on another VLAN/Subnet and my servers resolve the request without any problems!

Edison Ortiz Thu, 07/12/2007 - 07:18

Does the Linksys have those networks ( on its NAT table?

rmlounsbury Thu, 07/12/2007 - 08:55

The Linksys routing table has in its routing table. I was hoping to cover everything with a blanket route.

I will need to double check my settings on that end. I should probably add each individual subnet on to the Linksys device and test it again.

Edison Ortiz Thu, 07/12/2007 - 09:12

Routing table is not sufficient; you need to have those networks in the NAT table as well, else they won't be translated to an 'internet' IP.

rmlounsbury Thu, 07/12/2007 - 09:25

Gotcha. I'm trying to find where I can edit the NAT table on the Linksys device. So far all I can find is a One-to-One NAT function but that isn't what I want.

Will update when I figure out where Linksys stashed the NAT Table.

Edison Ortiz Thu, 07/12/2007 - 09:34

I'm afraid you can't. Those are SOHO devices and only support NAT for one subnet.

rmlounsbury Thu, 07/12/2007 - 12:11

And right you are... No NAT Table edit function.

I did go through and reset my switches and re-programmed them with just enough information to activate IntraVLAN Routing and the default route to the Linksys.

After doing that, all my computers on the VLANs can access the internet. However, they work for about 5 minutes or so and then it's back to the timeout error. If I go into the command line on the host and ping the router and then the public IP address they magically start working again for about 5 minutes.

This could be the weirdest problem I have ever come across.

Edison Ortiz Thu, 07/12/2007 - 12:57

Very strange, indeed. NAT shouldn't allow other subnets. I'm afraid you will need an enterprise router for this kind of task. You have a limit with a SOHO device.

