Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

SA540 not able to ping host between different vlan

Hi,

I have installed one sa540 in customer place.Customer asked to create separate vlans.sa540 is running the current version.Now i have created vlan and intervlan is enable is the firewall.i am able to ping the intereface ip of different vlans but i am not able to ping the host between different vlans.Its going till the gateway.

one more interesting thing when I am disabling the inter-vlan,even then i am able to ping between different vlan interface.Is it a bug...or other issue.

How to resolve this.

6 REPLIES

Re: SA540 not able to ping host between different vlan

Hi,

Please clarify your issue perhaps with a simple drawing and someone here will help you out.

Federico.

New Member

Re: SA540 not able to ping host between different vlan

Hi Federico,

Thanks for your response.I will expain you the customer scenario.Hope that helps me to get some suggestion.

customer has 3 edge switches in different network.Each switch replicate one vlan.

edge switch1-vlan 1 -netwrk 192.168.1.0

edge switch 2-vlan2-network 192.168.2.0

edge switch 3-vlan -network 192.168.3.0

each edge switch he has upliked to SA540 firewal which is having 4 lan port.In SA540 he has creaated 3 vlan.Now  we are able to reach from one vlan interface ip to other vlan.but host from one vlan to the host of other vlan is not reachable.Customer  removed the switches and tried connecting the host direclty to the firewall where different vlans has been configured.Here also same problem.FOM ONE VLAN TO OTHER VLAN INTERFACE IP IS PINGING,but host between the vlans are not pinging.

Re: SA540 not able to ping host between different vlan

Are the default gateways for the VLANs the SA540?

When you try to PING from 192.168.x.0 to 192.168.y.0, it should go through the SA540 (because is the default gateway for those VLANs correct)?

The SA540 has an IP address belonging to each VLAN and you can PING that IP from the hosts?

Federico.

New Member

Re: SA540 not able to ping host between different vlan

Hi Federico,

You are right.The host is able to ping the defaultgateway of the other vlan but it's not able to ping the host of the other vlan.

Diptesh

New Member

Re: SA540 not able to ping host between different vlan

Hi fedrico,

Any update on the same.

Regards

Diptesh

Re: SA540 not able to ping host between different vlan

Sounds strange.

You say that you can PING from one VLAN interface to another? This means that ICMP is permitted through the SA540?

Do you have any rule on the SA540 that might be preventing PINGs between VLANs?

Federico.

650
Views
0
Helpful
6
Replies
CreatePlease to create content