Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
6
Replies

SA540 not able to ping host between different vlan

diptesh1980
Level 1
Level 1

‎07-03-2010 02:59 AM - edited ‎03-11-2019 11:07 AM

Hi,

I have installed one sa540 in customer place.Customer asked to create separate vlans.sa540 is running the current version.Now i have created vlan and intervlan is enable is the firewall.i am able to ping the intereface ip of different vlans but i am not able to ping the host between different vlans.Its going till the gateway.

one more interesting thing when I am disabling the inter-vlan,even then i am able to ping between different vlan interface.Is it a bug...or other issue.

How to resolve this.

Labels:
0 Helpful
6 Replies 6

Federico Coto Fajardo
VIP Alumni
VIP Alumni

‎07-04-2010 05:13 PM

Hi,

Please clarify your issue perhaps with a simple drawing and someone here will help you out.

Federico.

0 Helpful

diptesh1980
Level 1
Level 1
In response to Federico Coto Fajardo

‎07-05-2010 08:20 AM

Hi Federico,

Thanks for your response.I will expain you the customer scenario.Hope that helps me to get some suggestion.

customer has 3 edge switches in different network.Each switch replicate one vlan.

edge switch1-vlan 1 -netwrk 192.168.1.0

edge switch 2-vlan2-network 192.168.2.0

edge switch 3-vlan -network 192.168.3.0

each edge switch he has upliked to SA540 firewal which is having 4 lan port.In SA540 he has creaated 3 vlan.Now  we are able to reach from one vlan interface ip to other vlan.but host from one vlan to the host of other vlan is not reachable.Customer  removed the switches and tried connecting the host direclty to the firewall where different vlans has been configured.Here also same problem.FOM ONE VLAN TO OTHER VLAN INTERFACE IP IS PINGING,but host between the vlans are not pinging.

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to diptesh1980

‎07-05-2010 07:59 PM

Are the default gateways for the VLANs the SA540?

When you try to PING from 192.168.x.0 to 192.168.y.0, it should go through the SA540 (because is the default gateway for those VLANs correct)?

The SA540 has an IP address belonging to each VLAN and you can PING that IP from the hosts?

Federico.

0 Helpful

diptesh1980
Level 1
Level 1
In response to Federico Coto Fajardo

‎07-05-2010 09:40 PM

Hi Federico,

You are right.The host is able to ping the defaultgateway of the other vlan but it's not able to ping the host of the other vlan.

Diptesh

0 Helpful

diptesh1980
Level 1
Level 1
In response to diptesh1980

‎07-09-2010 12:26 AM

Hi fedrico,

Any update on the same.

Regards

Diptesh

0 Helpful

Federico Coto Fajardo
VIP Alumni
VIP Alumni
In response to diptesh1980

‎07-09-2010 08:01 AM

Sounds strange.

You say that you can PING from one VLAN interface to another? This means that ICMP is permitted through the SA540?

Do you have any rule on the SA540 that might be preventing PINGs between VLANs?

Federico.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card