cisco ASA 8.6 configuration issues

aslam.bajwa
Level 3
Hello all,

    internet router ---outside--- ASA ---inside--- cisco 3750 (----A----)
                                   |
                                   |
                                  DMZ
                                   |
                                   |
                           Cisco 3750 (-----B---)

1- Switch A -- wireless users + Cisco wireless IP phones

2- Switch B -- CUCM

Problem description:

--- From switch A I cannot ping switch B (DMZ), so the IP phones cannot reach CUCM.

--- On switch A, 4 VLANs are configured with different SSIDs, and internet is working fine.

--- On switch A I want 2 VLANs (vlan 60 and vlan 80) to communicate with the DMZ also (not working).

## Some relevant config is as under:

SWITCH A CONFIG

===============

    vlan internal allocation policy ascending
    !
    !
    !
    interface FastEthernet0
     no ip address
     no ip route-cache cef
     no ip route-cache
     shutdown
    !
    interface GigabitEthernet1/0/1
     switchport access vlan 60
     switchport mode access
     spanning-tree portfast
    |
    |
    |
    |
    |
    |
    !
    interface GigabitEthernet1/0/23
     description **connected to ASA-Inside**
     switchport access vlan 100
     switchport mode access
    interface Vlan10
     ip address X.X.100.5 255.255.255.0
    !
    interface Vlan50
     ip address X.X.6.12 255.255.255.0
    !
    interface Vlan60
     ip address X.X.8.251 255.255.255.0
    !
    interface Vlan80
     ip address X.X.10.251 255.255.255.0
    !
    interface Vlan100
     ip address X.X.20.1 255.255.255.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 X.X.20.2

=========================================

ASA CONFIG

-----------------------

    interface GigabitEthernet0/0
     nameif inside
     security-level 100
     ip address X.X.20.2 255.255.255.0
    |
    |
    interface GigabitEthernet0/2
     nameif DMZ
     security-level 50
     ip address X.X.21.2 255.255.255.0
    |
    |
    interface GigabitEthernet0/5
     nameif outside
     security-level 0
     ip address 192.168.2.5 255.255.255.0
    |
    |
    object network IN-OUT
     subnet 0.0.0.0 0.0.0.0
    object network W-PHONE
     subnet X.X.10.0 255.255.255.0
    object network BECA-WIRELESS-USER
     subnet X.X.8.0 255.255.255.0
    pager lines 24
    |
    |
    nat (inside,outside) source dynamic IN-OUT interface
    nat (inside,DMZ) source dynamic W-PHONE interface
    nat (inside,DMZ) source dynamic BECA-WIRELESS-USER interface
    route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
    route inside X.X.6.0 255.255.255.0 X.X.20.1 1
    route inside X.X.7.0 255.255.255.0 X.X.20.1 1
    route inside X.X.8.0 255.255.255.0 X.X.20.1 1
    route inside X.X.10.0 255.255.255.0 X.X.20.1 1
    timeout xlate 3:00:00

============================================

switch B

----------------

    interface GigabitEthernet1/0/17
     switchport access vlan 50
     switchport mode access
     switchport voice vlan 20
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/18
     switchport access vlan 50
     switchport mode access
    interface Vlan10
     ip address X.X.100.1 255.255.255.0
    !
    interface Vlan20
     ip address X.X.7.1 255.255.255.0
     ip helper-address X.X.6.6
    !
    interface Vlan50
     ip address X.X.6.30 255.255.255.0
     ip helper-address X.X.6.6
    !
    interface Vlan60
     ip address X.X.8.252 255.255.255.0
    !
    interface Vlan101
     ip address X.X.21.1 255.255.255.0
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 X.X.6.4
    ip route X.X.6.0 255.255.255.0 X.X.21.2
    ip route X.X.7.0 255.255.255.0 X.X.21.2
    !

1 Reply

We would also need to see the ACL configuration of the ASA, as this is what actually controls the flow of traffic; that is, if routing is correct, which it seems to be from your configuration.

What you can do is run a packet-tracer on the ASA to see if the packet is allowed through the ASA:

packet-tracer input inside tcp <source-ip> 12345 <destination-ip> <destination-port> detail

This should give you an indication where or if there is a misconfiguration on the ASA.

Please post the output here if you require further assistance. Also, a full ASA configuration (remove public IPs and passwords) would help to identify the issue.

--
Please remember to rate and select a correct answer
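
An offline check of the routing question raised in this thread, as an added example that is not part of the original posts: it applies longest-prefix matching to the ASA interface and route lines from the question to show which interface the ASA selects for a destination. The masked "X.X" octets are replaced with the constructed prefix 10.1, and the function names `parse_routes` and `egress` are hypothetical.

```python
import ipaddress

# Constructed input: the post masks the first two octets as "X.X"; the
# stand-in prefix "10.1" is an assumption so that the addresses parse.
ASA_CONFIG = """\
interface GigabitEthernet0/0
 nameif inside
 ip address 10.1.20.2 255.255.255.0
interface GigabitEthernet0/2
 nameif DMZ
 ip address 10.1.21.2 255.255.255.0
interface GigabitEthernet0/5
 nameif outside
 ip address 192.168.2.5 255.255.255.0
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
route inside 10.1.6.0 255.255.255.0 10.1.20.1 1
route inside 10.1.7.0 255.255.255.0 10.1.20.1 1
route inside 10.1.8.0 255.255.255.0 10.1.20.1 1
route inside 10.1.10.0 255.255.255.0 10.1.20.1 1
"""

def parse_routes(config):
    """Collect (network, nameif, next_hop) for connected and static routes."""
    routes, nameif = [], None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            nameif = None
        elif words[:1] == ["nameif"]:
            nameif = words[1]
        elif words[:2] == ["ip", "address"] and nameif:
            net = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            routes.append((net, nameif, "connected"))
        elif words[:1] == ["route"]:
            net = ipaddress.ip_network(f"{words[2]}/{words[3]}")
            routes.append((net, words[1], words[4]))
    return routes

def egress(routes, dst):
    """Longest-prefix match only; ACLs and NAT are not modelled."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, nameif, next_hop = max(matches, key=lambda r: r[0].prefixlen)
    return nameif, next_hop

if __name__ == "__main__":
    routes = parse_routes(ASA_CONFIG)
    for dst in ("10.1.21.1", "10.1.6.30", "198.51.100.7"):
        print(dst, "->", egress(routes, dst))
```

With the routes as posted, switch B's Vlan101 address (X.X.21.1) is directly connected on DMZ, while its Vlan50 address (X.X.6.30) resolves to the inside interface via X.X.20.1.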
