Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
615
Views
0
Helpful
1
Replies

Routing of VLANs on Cisco IPS 4240

ericmwangi
Level 1
Level 1

‎11-17-2009 04:56 AM - edited ‎03-10-2019 04:49 AM

Hi Guys,

I have a setup where i have setup as follows

Serverfarm---ASA---IPS---ServersonVLANs

I have configured VLAN groups on the IPS. I can reach the servers on all the VLANs from the server farm and i can also reach the Server farm from the servers behind the IPS. The problem is that the servers behind the IPS on different VLANs can only communicate on ICMP. No other protocol is working. I have disabled the rules on the IPS. No success though.

What could the problem be here? Any insights?

Note: the ASA is the one doing the termination of the VLANs

Regards

Eric

Labels:
0 Helpful
1 Reply 1

rhermes
Level 7
Level 7

‎11-17-2009 09:12 AM

Do you have vlan PAIRS configurged on your 4240? With VLAN pairs, traffic enters the IPS on one vlan and exits on another. So if your Serverfarm is on vlan 102 the IPS vlan pair might be 102-202 and the ServersonVLANs would be on vlan 202.

If that's not your problem, you can use the "packet display gi0/0" command to watch what traffic is actually making it to an interface on your sensor.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card