Problem with routing traffic between VLANs

Feb 11th, 2009
Hi All,

I have the following problem.

I have all the internal VLANs connected to a Cisco 4500R. This 4500R has a default gateway pointing to the INSIDE interface of an ASA 5550, which gives everybody access to the Internet.

So far, so good.

The problem is that one particular VLAN which is the MANAGEMENT VLAN resides on the 4500R, but it also has another interface on the ASA. In other words, the MANAGEMENT interface on the ASA connects to the 4500R as well.

The problem is the following:

If I set the default gateway for the devices residing on the MANAGEMENT VLAN to be the 4500R, then the IT VLAN can manage the devices on the MANAGEMENT VLAN, but they don't get Internet access. (This is because the 4500R receives this traffic and sends it to the INSIDE interface of the ASA, but because the ASA has a MANAGEMENT interface with the same subnet, it won't work.)

If I set the default gateway for the devices residing on the MANAGEMENT VLAN to be the MANAGEMENT interface of the ASA, then they get Internet access, but the IT VLAN cannot access the MANAGEMENT VLAN. (This is because the ASA receives the MANAGEMENT devices' traffic and then sends it to the ASA instead of sending it to the IT VLAN.)

At least, this is what it seems...

Could someone please point me in the right direction about getting this working?

Thank you all!

glen.grant Wed, 02/11/2009 - 16:07

You need to allocate a /30 subnet between the 4500 and the ASA and use that as the internet gateway and get the management vlan by itself and that behavior will stop. You can't have the mgt. vlan and the connection to the ASA on the same subnet.
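The following configuration fragments illustrate the design described in the reply above. They are an added example, not configuration from the original thread or from either poster: a dedicated /30 transit VLAN carries only the 4500R-to-ASA link, the MANAGEMENT VLAN keeps the 4500R as its gateway, and the ASA's management interface is moved onto its own small subnet so the ASA no longer has a connected route into the MANAGEMENT VLAN (that overlapping connected route is what pulled return traffic onto the wrong interface). All addresses, VLAN numbers, interface names and hostnames are placeholders chosen for the example; NAT, access lists and the outside interface are unchanged by this design and are omitted.

```cisco
! ===== Catalyst 4500R (constructed example, placeholder addresses) =====
ip routing
!
vlan 999
 name TRANSIT-TO-ASA-INSIDE
vlan 998
 name ASA-MGMT-LINK
!
! /30 transit link: the only thing on this subnet is the ASA inside interface
interface Vlan999
 description /30 transit to ASA inside
 ip address 192.0.2.1 255.255.255.252
!
! Separate /30 for the ASA's own management interface (assumption for this example)
interface Vlan998
 description /30 to ASA management interface
 ip address 192.0.2.5 255.255.255.252
!
! MANAGEMENT VLAN stays by itself; hosts use the 4500R (10.10.0.1) as gateway
interface Vlan10
 description MANAGEMENT VLAN
 ip address 10.10.0.1 255.255.255.0
!
interface Vlan20
 description IT VLAN
 ip address 10.20.0.1 255.255.255.0
!
interface GigabitEthernet1/1
 description physical link to ASA inside (GigabitEthernet0/0)
 switchport mode access
 switchport access vlan 999
!
interface GigabitEthernet1/2
 description physical link to ASA Management0/0
 switchport mode access
 switchport access vlan 998
!
! Everything not local goes to the ASA over the transit /30
ip route 0.0.0.0 0.0.0.0 192.0.2.2

! ===== ASA 5550 (constructed example, placeholder addresses) =====
interface GigabitEthernet0/0
 nameif inside
 security-level 100
 ip address 192.0.2.2 255.255.255.252
!
! Management interface on its own /30, management-only so it never forwards
! transit traffic and never competes with inside for return paths
interface Management0/0
 management-only
 nameif management
 security-level 100
 ip address 192.0.2.6 255.255.255.252
!
! Return routes for every internal VLAN point back at the 4500R via inside,
! so MANAGEMENT and IT hosts are reached symmetrically over the transit link
route inside 10.10.0.0 255.255.255.0 192.0.2.1 1
route inside 10.20.0.0 255.255.255.0 192.0.2.1 1
! Default route towards the Internet (outside next hop is a placeholder)
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! Permit SSH to the ASA from the IT VLAN, arriving via the 4500R on the management link
route management 10.20.0.0 255.255.255.0 192.0.2.5 1
ssh 10.20.0.0 255.255.255.0 management
```

With this layout, a MANAGEMENT host sends Internet-bound traffic to 10.10.0.1, the 4500R forwards it over 192.0.2.0/30 to the ASA inside, and the ASA's reply follows the `route inside 10.10.0.0` entry back to the 4500R, so the asymmetric path from the original post disappears; IT-to-MANAGEMENT traffic never leaves the 4500R at all. To check the result, `show ip route` on the 4500R should show only the two /30s and the SVI subnets as connected, and `show route` on the ASA should list no connected route into 10.10.0.0/24, only the static route via inside.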


