
Routing on 3750 - baffles me

Aaron Wedemeyer
Level 1

I have a 3750 stack as my aggregation point (10.10.10.3). Outbound traffic goes to ASA5510 (10.10.10.1) as do all my client gateways. I recently received a 1910 (10.10.10.10) to use as VPN router from an ISP vendor. I simply want to route traffic destined for 208.28.64.0 255.255.255.0 to the 1910 to go thru a VPN tunnel to the vendor. I used CNA to enable IP routing, and set a static map of 208.28.64.0 255.255.255.0 -> 10.10.10.10, but I can't get traffic to flow. If I use Windows routing commands, traffic goes fine. What am I missing? Do I need to point all my gateways to the 3750? Shouldn't the traffic that passes thru the 3750 to the ASA get sent to the 1910?

Sure, I could send out a GPO to do the routing, but isn't that what all this equipment is supposed to handle?


droeun141
Level 1

How do you have the 1910 connected?

One of the 48 switches on the 3750

Giuseppe Larosa
Hall of Fame

Hello Aaron,

Is the new 1910 router IP address 10.10.10.10 in the same subnet as 10.10.10.3, or is it behind the ASA?

Also, you need to configure the return path: the C1910 has to be configured to send traffic for internal IP subnets instead of ASA.

So you will need on the C1910 the correct static routes with next-hop 10.10.10.3.

To work well, 10.10.10.10 and 10.10.10.3 have to be in the same subnet broadcast domain, so the switch port connecting to the C1910 LAN interface has to be on the same interface.

The IP address 10.10.10.3 has to be given to an SVI = Switched Virtual Interface.

Example:

L2 broadcast domain is 10 = vlan-id

You need to configure:

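    ! SVI that holds the 3750's routed address in VLAN 10
    interface Vlan 10
     ip address 10.10.10.3 255.255.255.0
     no shut
    !
    ! access port towards the C1910 (x is a placeholder port number)
    int gi1/0/x
     switchport
     desc to C1910
     switchport mode access
     switchport access vlan 10
    !
    ! access port towards the ASA (y is a placeholder port number)
    int gi1/0/y
     switchport
     desc to ASA
     switchport mode access
     switchport access vlan 10
    !
    ! default route towards the ASA
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    ! one or more specific routes as needed towards remote destinations if using a tunnel on C1910
    ! (<remote-network> and <mask> are placeholders for those destinations)
    ip route <remote-network> <mask> 10.10.10.10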

Another important point: if the C1910 implements a VPN tunnel, you need to create static routes not for the tunnel remote endpoint but for the remote internal networks, which typically are private IP addresses (RFC 1918 like 10/8, 172.16-31.0.0/16, 192.168.x.0/24).

Hope to help

Giuseppe

Aaron Wedemeyer
Level 1

I had to point my client gateway to the 3750, then configure the default route on 3750 to go to the ASA.

shailesh.h
Level 1

If your PC is on the 10.10.10.x network, then you can have one of these scenarios or any new scenario:

Scenario 1

  • Your PC has IP address 10.10.10.x with default gateway stack switch 3750 10.10.10.3, which has a default route to Firewall 10.10.10.1. The firewall will do the routing to the new router when the traffic destination is 208.28.64.0 255.255.255.0.

Scenario 2

  • Your PC has IP address 10.10.10.x with default gateway to Firewall 10.10.10.1. The firewall will do the routing to the new router when the traffic destination is 208.28.64.0 255.255.255.0.

Scenario 3

  • Your PC has IP address 10.10.10.x with default gateway to the new router.

Scenario 4

  • Your PC has IP address y.y.y.x with default gateway stack switch. The switch has a default route to Firewall 10.10.10.1. The firewall will do the routing to the new router when the traffic destination is 208.28.64.0 255.255.255.0. Reverse route needs to be configured on the new router and firewall as well to learn about network y.y.y.x.

Hope this will help you to some extent, and share your scenario.

I basically went with scenario 1, except that the 3750 sends 208 data to the 1910.  Scenario 2 didn't work as I couldn't get the ASA to do the routing back to the inside network, even with that allow same security intra-interface option enabled.  Scenario 3 didn't work because it's a very specialized route path only for one application that I want going thru the 1910 tunnel.

Gr8! Can you please share the step-by-step problem and your own view on the problem?
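
The forwarding paths discussed in this thread, as an added example that is not part of the thread or any poster's code: a small Python tracer that does a longest-prefix match at each hop, comparing a client whose default gateway is the ASA with one whose gateway is the 3750. The ASA's default route to "internet" and the 1910's route into "vpn-tunnel" are assumptions, since the thread does not show those devices' routing tables.

```python
import ipaddress

# Addresses taken from the thread.
ASA, SW3750, R1910 = "10.10.10.1", "10.10.10.3", "10.10.10.10"

# Constructed routing tables: prefix -> next hop.
# "internet" and "vpn-tunnel" are assumed exit labels, not real device output.
TABLES = {
    SW3750: {"0.0.0.0/0": ASA, "208.28.64.0/24": R1910},
    ASA: {"0.0.0.0/0": "internet"},
    R1910: {"208.28.64.0/24": "vpn-tunnel"},
}

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None

def trace(client_gateway, dst, tables=TABLES, max_hops=8):
    """Follow next hops from the client's gateway until the packet leaves the LAN."""
    path = [client_gateway]
    while path[-1] in tables and len(path) <= max_hops:
        path.append(lookup(tables[path[-1]], dst) or "drop")
    return path

if __name__ == "__main__":
    # Gateway = ASA: the 3750 only switches the frame at L2, so its static
    # route is never consulted. Gateway = 3750: the static route applies.
    for gw in (ASA, SW3750):
        print(f"client gateway {gw}: {' -> '.join(trace(gw, '208.28.64.25'))}")
```

With the ASA as the client gateway, the 3750 never appears as a routing hop, which is why the static route only took effect once clients pointed at 10.10.10.3.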
