Directly Connected Networks... Why can't I get to IPs on different Switches but in a common subnet???
I've set up a pair of switches in a DMZ type environment that hangs off of our DMZ firewall.
The firewall has a static route to the supernet hosted on the switches via switch interface 10.1.191.12
The static route is: 10.1.160.0 /19 via 10.1.191.12
The firewall has the local interface address 10.1.191.11 /28
Switches 01 and 02 have a floating HSRP address of 10.1.191.12 /28
Switch 01 has a vlan interface address of 10.1.191.13 /28
Switch 02 has a vlan interface address of 10.1.191.14 /28
The firewall is completely open at the moment. From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I can happily ping all the addresses mentioned above, i.e. from my desktop (IP 10.0.33.50) I can ping 10.1.191.11, 12, 13, 14.
I've also configured another network across the switch pair: 10.1.160.0 /24
This network has a VLAN interface set up on each switch as follows:
Switch 01 has a vlan interface address of 10.1.160.251 /24
Switch 02 has a vlan interface address of 10.1.160.252 /24
From each switch I can ping the 10.1.160.25x address, thus subnet connectivity is fine across the two switches.
From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I can happily ping the 10.1.160.251 address.
NOW the Problem....
From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I CANNOT ping the 10.1.160.252 address.
i.e. I can only ping IP addresses hosted by the switch that the next hop for the firewall points to (i.e. 10.1.191.12).
I don't understand why I can only ping IP addresses on other subnets when the IP address is local to the switch that is hosting the next hop IP that the firewall is set to use!!
Please can somebody explain what the problem is here!?
* Please let me know if further clarification is required on this question!!?
Just thought I'd update this as I figured out what the problem was.
I was using a default route instead of a static route to get back to the internal company network via the firewall. As soon as I put a static route on instead and enabled IP routing, the routing started to work fine for all subnets this side of the firewall.