cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
709
Views
0
Helpful
8
Replies

Static Routing not functional between router and core switch

harris.em
Level 1
Level 1

I'm running a duplicate pre-HA setup where my firewalls are attached to a core switch directly attached to a router. None of my firewalls are connecting to their internet addresses. Am I missing a statement within my switch config ? Is it on the router ? Any help would be greatly appreciated.

8 Replies 8

Richard Burts
Hall of Fame
Hall of Fame

Earl

There is not enough information here for us to give you much help. First of all it would help if we had some detail about the topology. You describe firewalls connected to switch connected to router. Is this the path to the the internet from the firewall? Second we would need to see some detail about how the fiewalls, the switch, and the router are configured - especially how any static routes are configured. And it would be helpful if you could provide some details from the routing tables of the devices, pointing out how the actual content of the routing table differs from what you expect.

HTH

Rick

HTH

Rick

xcz504d1114
Level 4
Level 4

Could be any of those :)

So, I'm assuming you have public IP's assigned to your firewalls, and they connect via layer 2 to your router interfaces.

Your firewalls (ASA or PIX) should have a default route set to point to your router interfaces.

When you say your routers aren't connecting to their internet addresses, what do you mean? They can't ping each others outside interfaces? Can they both talk to the internet? Can they both talk to your border router?

Craig

Craig

When I first read the post I assumed that the topology is as you describe it with the firewalls connected directly to the internet. But then I noticed that the original post says explicitly:"None of my firewalls are connecting to their internet addresses." and that is why I asked for clarification about the topology.

HTH

Rick

HTH

Rick

Rick,

Yeah, I had the same thing you posted run through my head right after I hit "post", you just thought yours through better than I did, i have a tendency to just start slamming on my keys sometimes :)

Craig

harris.em
Level 1
Level 1

I've attached a network diagram of the connections.

ip nat inside source static 172.16.200.2 65.220.58.9

ip nat inside source static 172.16.200.10 65.220.58.11

ip nat inside source static 172.16.200.18 65.220.58.13

Earl,

I think you forgot the diagram, and which device are those NAT configurations applied to, the firewall or the router?

Craig

harris.em
Level 1
Level 1

My core switch environment has no problem reaching the internet via the real IP. It's the secondary ips that are not connecting.

Earl,

Please explain a bit more about your topology in detail.

Toshi

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: