Closed Network Routing Problem (Firewall subinterface vs VLAN interface)

Unanswered Question
May 1st, 2014

I recently took over a closed network used for development. One of my 3560 switches was being routed through 2 routers for the development LAN. I took some fiber and hooked it back

Once I got the trunking sorted out, thanks to the great guys on this forum (management vlan interface issue), I had to delete the unneeded HSRP interfaces on the switch. To be honest, I am unsure why they were there on an access switch anyway. I then created normal vlan interfaces for my *.*192.0 subnet and my *.*193.0 subnet. After that I still did not have routing working. I looked at the routing statements (why static routing is being used?) on the 6509 and most of them pointed to our firewalls (ip route *.*.133.0  255.255.255.0 *.*.0.253). I made the static routes for the 2 vlan/subnets on the 6509 and still no joy.

I got on the 5520 ASA and noticed that most of the vlan/subnets had subinterfaces on the firewall. So I created the 2 subinterfaces for *.*.192.1 and *.*.193.1. I was now able to ping hosts off of the 3560. I went back to the other side and could ping hosts on the 193/193 vlan/subnets. Now if you noticed I have

The only problem I have left, as you notice, is that I have the IP address 2 times for 192.1 and 193.1. If I shut down the vlan interface on the 192/193 vlan/subnets I lose the ARP table on the 3560. If I shut down the subinterfaces with the identical IP address I then can no longer ping the 192/193 vlan/subnets. Right now, with both the vlan interface and the subinterface, of course I cannot ping the *.*.192.1 and *.*.193.1. That's the only visible issue but I want to solve it.

Due to it being a closed network I can't pull too much off of it to put on here. I tried to describe the issue as well as I could; I hope it makes some sense.

Florin Barhala Fri, 05/02/2014 - 11:59

I believe a small network diagram will help us all.
