I am changing my company's network and I am stuck. I've dug through a number of articles and posts both up here and elsewhere and I am not sure what the problem is. In particular I've been through THIS article a number of times, worried that I missed something. The problem that I am having is with the config of my 3560g. I think the issue may be with the routing between the 3560g and ASA.
I say working on, because I have all of my users connected via a few switches (on a flat network, with a voice vlan) on another Interface (e0/1) on the ASA. My plan is to split my network up into a few VLANs and use the 3560g to do the Layer 3 switching.
A few points, bulleted out for easy reading:
I've enabled IP Routing on the switch and configured the route to the ASA
InterVlan routing seems to be working fine
From a connected PC (192.168.5.5) plugged into switch port g0/13 (on vlan5) I:
Can ping all the virtual interfaces
Can Ping 192.168.1.1
Cannot Ping 192.168.1.2 (ASA) or 184.108.40.206 (Google DNS)
From the switch I can ping the 192.168.1.2
From the switch I Cannot ping 220.127.116.11
I verified via a Packet Trace on the ASA that the Flow should work (so ACLs and NAT are all OK).
Just to make sure of the above, I connected a PC (IP 192.168.1.5/24) to g0/24 and was able to get to the interweb.
I am not using any SVIs\Subinterfaces on the ASA. (I had them originally, but removed them so that I could do the L3 routing on the 3560g instead).
Below are relevant excerpts from the Switch Config:
switchport access vlan 5
switchport mode access
switchport voice vlan 2
spanning-tree bpduguard enable
ip address 192.168.1.1 255.255.255.0
ip address 192.168.4.230 255.255.255.0
ip address 192.168.5.1 255.255.255.0
ip address 192.168.10.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.2
ip http server
ip http secure-server
I hate that I am stuck on this and any help to point me in the right direction would be great.
It's not the default ASA settings, I configured it so I can ping things externally and get a response.
I've done a traceroute from the PC and if I remember right it doesn't get past the first hop. But I'll test that when I get into the office today.
I have not added any static routes to the ASA or 2811 with this new config. The 2811 should not have any, because it's not aware of anything on the other side of the ASA (for any of the 3 interfaces currently in use). The ASA has one static route to the outside that has been there. A route was automatically added for the connected interface once I configured it (like the other interfaces I am using). From a Show Route on the ASA:
C 192.168.1.0 255.255.255.0 is directly connected, LAN_2
I don't need routes added for the different VLAN interfaces, do I? Uggg, is that it? Static routes for each VLAN pointing to the L3 interface on the 3560g?
That was it. I needed the routes to my subnets. When I was using the SVIs\Subinterfaces on the ASA the routes were created since there was an interface connected and it was aware of the network. Makes so much sense now, and I feel silly. Everything is working now. Thanks!
Thanks for your input too. That would have answered it as well.
I am rushing off to a meeting and I wanted to check one thing before I closed this.
I meant to reply yesterday, but next thing you know I was spending the next 8 hours converting my network and phone system. It was very nerve-wracking, especially when I couldn't get my Dell switches to play nice with my Cisco switches. This was particularly fun because my Cisco switches didn't have enough ports to cover all of my users. Sorry, off topic.
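The fix reached in the thread (static routes on the ASA for each VLAN subnet behind the 3560g), worked through as an added example that is not part of the original posts: it runs a longest-prefix match over the ASA routes quoted above to show where replies go, then renders the missing ASA `route` statements. The interface name `outside` for the existing default route is an assumption; `LAN_2`, the subnets and 192.168.1.1 come from the thread.

```python
import ipaddress

# ASA routes as described in the thread. "outside" is an assumed interface
# name for the existing default route; LAN_2 is from the quoted "show route".
ASA_BEFORE = [
    ("0.0.0.0/0", "outside"),
    ("192.168.1.0/24", "LAN_2"),
]
# SVI subnets from the switch config excerpt, and the switch's ASA-facing IP.
SWITCH_SVI_SUBNETS = ["192.168.4.0/24", "192.168.5.0/24", "192.168.10.0/24"]
SWITCH_NEXT_HOP = "192.168.1.1"


def egress_interface(table, dst):
    """Longest-prefix match: interface the ASA would send traffic for dst out of."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifc in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifc)
    return best[1] if best else None


def missing_return_routes(table, inside_ifc, subnets):
    """Subnets whose first host would NOT be reached back through inside_ifc."""
    missing = []
    for subnet in subnets:
        first_host = next(ipaddress.ip_network(subnet).hosts())
        if egress_interface(table, str(first_host)) != inside_ifc:
            missing.append(subnet)
    return missing


def asa_route_commands(inside_ifc, subnets, next_hop):
    """Render ASA static routes: route <interface> <network> <mask> <gateway>."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    return [f"route {inside_ifc} {n.network_address} {n.netmask} {next_hop}"
            for n in nets]


if __name__ == "__main__":
    # 192.168.1.5 worked (connected route); 192.168.5.5 did not (default route).
    for host in ("192.168.1.5", "192.168.5.5"):
        print(host, "-> replies leave via", egress_interface(ASA_BEFORE, host))
    gaps = missing_return_routes(ASA_BEFORE, "LAN_2", SWITCH_SVI_SUBNETS)
    print("\n".join(asa_route_commands("LAN_2", gaps, SWITCH_NEXT_HOP)))
```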