Static Routing not functional between router and core switch

Unanswered Question
Jul 12th, 2009

I'm running a duplicate pre-HA setup where my firewalls are attached to a core switch directly attached to a router. None of my firewalls are connecting to their internet addresses. Am I missing a statement within my switch config? Is it on the router? Any help would be greatly appreciated.

Richard Burts Sun, 07/12/2009 - 18:53

Earl

There is not enough information here for us to give you much help. First of all it would help if we had some detail about the topology. You describe firewalls connected to switch connected to router. Is this the path to the internet from the firewall? Second we would need to see some detail about how the firewalls, the switch, and the router are configured - especially how any static routes are configured. And it would be helpful if you could provide some details from the routing tables of the devices, pointing out how the actual content of the routing table differs from what you expect.

HTH

Rick

xcz504d1114 Sun, 07/12/2009 - 18:59

Could be any of those :)

So, I'm assuming you have public IPs assigned to your firewalls, and they connect via layer 2 to your router interfaces.

Your firewalls (ASA or PIX) should have a default route set to point to your router interfaces.

When you say your routers aren't connecting to their internet addresses, what do you mean? They can't ping each other's outside interfaces? Can they both talk to the internet? Can they both talk to your border router?

Craig

Richard Burts Sun, 07/12/2009 - 19:09

Craig

When I first read the post I assumed that the topology is as you describe it with the firewalls connected directly to the internet. But then I noticed that the original post says explicitly: "None of my firewalls are connecting to their internet addresses." and that is why I asked for clarification about the topology.

HTH

Rick

xcz504d1114 Sun, 07/12/2009 - 20:57

Rick,

Yeah, I had the same thing you posted run through my head right after I hit "post"; you just thought yours through better than I did. I have a tendency to just start slamming on my keys sometimes :)

Craig

harris.em Sun, 07/12/2009 - 19:14

I've attached a network diagram of the connections.

ip nat inside source static 172.16.200.2 65.220.58.9

ip nat inside source static 172.16.200.10 65.220.58.11

ip nat inside source static 172.16.200.18 65.220.58.13

xcz504d1114 Sun, 07/12/2009 - 20:58

Earl,

I think you forgot the diagram, and which device are those NAT configurations applied to, the firewall or the router?

Craig

harris.em Sun, 07/12/2009 - 19:17

My core switch environment has no problem reaching the internet via the real IP. It's the secondary IPs that are not connecting.

thotsaphon Sun, 07/12/2009 - 21:39

Earl,

Please explain a bit more about your topology in detail.

Toshi
