I have 2 sites which are connected via a VPN tunnel.
Site A is the main HQ.
Site B is in Cali.
In Site B we have a 4503 which has several 3560s connected to the 4503 via fiber trunks.
When trying to communicate with the VPN by means of ping or telnet, we cannot connect to it. We can connect to all of the 3560s which are plugged in to the 4503.
I think the command which is allowing the 3560s to work is the ip classless command, but there is no ip classless command for the 4503 running 12.2 IOS.
If I connect to one of the 3560s in Site B I can telnet and ping the 4503 just fine.
What am I doing wrong?
Verify the default gateway on the 3560s and match it on the 4503 with the command
ip default-gateway [gateway ip]
Have you tried turning on routing on the 4503?
Type 'ip routing' in config mode and then try the ip classless command. However, ip classless won't give you the ability to communicate to other subnets.
You need a gateway in the 4503 switch or a device on that segment serving as an ip proxy.
Verify the Layer 3 information on the 4503 is on the same VLAN as the Layer 3 information on the 3560s.
Do you mind posting configs?
Very simple config.
Can the 4503 ping 192.168.60.1?
What device is 192.168.60.1?
Can you post show ip route from both the 3560 and 4503?
Yes, the 4503 can ping anything on the 192.168.60.0 network. The .1 is the gateway, which is a Checkpoint firewall which leads to the 10.10.1.0 network, which is where we are doing all our testing from.
The only route in the 4503 is the 192.168.60.1.
I am a little confused. You are doing the test from the Checkpoint firewall at the HQ or the Cali office?
Is the VPN tunnel established on the Checkpoint?
I was testing from a PC on the network at Site A. The only way I can get to the 4503 is to telnet in to a 3560 in Site B, then connect to it. All the 3560s work fine to telnet to, just not the 4503, and they are all on the same subnet.
Any luck yet? I have the same problem. The 3560s give no problem, only my 4503. We also use a Checkpoint firewall, but there is nothing to see there.
I think there is something with the default-gateway. If I do the command sh ip route on my 3560, I see the configured default gateway.
If I do this on my 4503, I get the message "no gateway of last resort", although I did configure the ip default-gateway command.