I currently have an RV042G with a downstream SG-300 connected to one of the LAN interfaces. Connected to the SG-300 are a couple servers running ESXi. Intervlan routing is working fine on the current setup; however, I only able to connect to my ESXi hosts on a separate VLAN for approximately a minute before the connection is dropped. I have concluded that the firewall seems to be culprit in blocking my traffic. If I turn the firewall off, everything acts as expected. There is a default "ANY/ANY" rule for LAN traffic enabled and I have added a couple extras allowing all traffic for IP ranges, but I still seem to be losing my connections. To make matters more confusing, I can see ACCESS_RULE events in the firewall logs permitting the traffic (or so I'm interpretting).
Regardless, here's how my rules currently stand below. I put another ANY/ANY rule in because the default didn't seem to be working -- I immediately was able to ping other hosts on different VLANs after adding the rule. I was under the assumption allowing all traffic from any source to any destination would make the LAN pretty accessible. I would appreciate any guidance or resources on this topic to set up some quick firewall rules to get things up and running. Thanks in advance.
I guess I should clarify, the SG-300 is running in Layer 3 mode, and the VLANs are defined on it; however, the static routes are defined on the RV042. Maybe there's a more efficient way of doing this?
Below is a scrubbed copy of my switch configuration.
v184.108.40.206 / R750_NIK_1_35_647_358
set system mode router
no bonjour enable
no logging console
ip ssh server
ip ssh password-auth
clock timezone CEST +1
interface vlan 1
ip address 10.10.10.2 255.255.255.0
no ip address dhcp
interface vlan 2
ip address 10.10.21.1 255.255.255.224
switchport trunk allowed vlan add 2
ip route 0.0.0.0 /0 10.10.10.1 metric 15
The routes I have defined is:
Just to reiterate the problem, I am able to connect to hosts on VLAN 2 from my computer on VLAN 1, but I am disconnected a minute or so later. When the firewall is disabled, I have no issues with connecting to the host across VLANs and maintaining that connection. Maybe I have a misconfiguration somewhere that is causing some issues? I appreciate the help.
After doing some research, I found this in the admin guide for the RV042G:
Typically, a Cisco RV0xx Series router is used as an access router, with a single
LAN subnet. By default, the firewall is pre-configured to deny LAN access if the
source IP address is on a different subnet than the router’s LAN IP address.
However, you can enable multiple subnets to allow this router to work as an edge
device that provides Internet connectivity to different subnets in your LAN.
So, I guess my question is "how do I overrule the default behavior?" I have tried manually putting in access rules to allow traffic between different VLANs, but I'm not getting much luck. Thanks for any help.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :