Routing issue on a Catalyst 3560, WS-C3560G-48PS

Greetings,

We have a firewall attached to our core switch on two ports, one going from the switch to the firewall to our main Cisco router, and the other has been used as a management port for the firewall.

On the switch I'm trying to route the traffic of a specified network (class B private) to the port used for managing the firewall. This is for return VPN traffic. As of now the traffic is returning asynchronously through the switch's default gateway. I set an IP routing protocol (ip routing is enabled) that sets the next hop for that network to the IP of the management port, but no dice. Any ideas? Will I have to mess with subnets?
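For reference, here is what a static route toward the firewall's second port looks like on a 3560 with ip routing enabled, together with the points where this kind of setup usually goes wrong. This is an added example, not the poster's configuration: the VLAN numbers, interface name, the 10.10.10.0/24 and 10.10.20.0/24 transit subnets and the 172.16.0.0/16 VPN network are all placeholders.

```cisco
! Added example, not the poster's running-config. All addresses are placeholders.
! Assumed layout:
!   VLAN 10 = transit subnet to the firewall's primary (inside) interface, firewall = 10.10.10.2
!   VLAN 20 = transit subnet to the firewall's second L3 port,            firewall = 10.10.20.2
!   172.16.0.0/16 = private class B network the VPN traffic arrives from
ip routing
!
interface Vlan10
 description Transit to firewall inside interface
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
 description Transit to firewall second L3 port
 ip address 10.10.20.1 255.255.255.0
!
interface GigabitEthernet0/48
 description Physical link to firewall second L3 port
 switchport mode access
 switchport access vlan 20
!
! Return traffic for the VPN network is sent back to the firewall port it came in on.
! The next hop MUST sit in a subnet the switch has an L3 interface in (Vlan20 here);
! otherwise IOS resolves the static route recursively through the default route and
! the traffic still leaves via the default gateway, which matches the symptom above.
ip route 172.16.0.0 255.255.0.0 10.10.20.2
!
! Everything else keeps following the existing default route.
ip route 0.0.0.0 0.0.0.0 10.10.10.2
```

Two checks are worth running before touching anything else. `show ip route 172.16.0.0` should list the static route with `10.10.20.2` as the next hop and `Vlan20` as the outgoing interface; if it shows the default route instead, the next hop is not directly connected and the route is being resolved recursively. Second, the switch only routes packets that are addressed to one of its own SVI MAC addresses: if the inside hosts use the firewall (or the router) as their default gateway rather than the switch's SVI, the return packets are bridged at layer 2 and the switch's routing table is never consulted, no matter what `ip route` says.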

5 REPLIES
New Member

Routing issue on a Catalyst 3560, WS-C3560G-48PS

Hello Steven,


It is a little difficult to make out what you are trying to accomplish from your post.  Are you able to provide us with a diagram of current and desired traffic flow?  It is quite odd to try and route the return vpn traffic to the management interface on a firewall, you should be routing the return traffic to the next hop of the non management interface on the firewall.

Bear with me here as I am trying to work with the information you have provided.

Routing issue on a Catalyst 3560, WS-C3560G-48PS

Hi Steven

We need a little more info, can you provide a quick diagram of the setup?

What firewall are you using? Is the management port labelled 'management' or is it just a standard ethernet port which has an IP address for management?

New Member

Routing issue on a Catalyst 3560, WS-C3560G-48PS

My apologies for the vagueness. I'm trying to force the routing of a specific network broadcast domain back to where the traffic originated from, from the same port that it originated from. Right now my VPN traffic is coming in the correct way and leaving out our main default gateway out our fiber connection, despite the IP Routing being enabled and destination network / gateway address being specified.

The management port on the firewall is a standard L3 port with an address specified for the port, and a separate IP address for the management interface. It should allow non-management traffic through.

New Member

Routing issue on a Catalyst 3560, WS-C3560G-48PS

It's very odd that on the core switch, 3560, I can ping the interface on the firewall that the VPN traffic is supposed to return through, the static route appears to be set correctly, ip routing is enabled in the running-config, yet it's hitting the default gateway instead of the specified next-hop IP address of the intended firewall interface.

New Member

Routing issue on a Catalyst 3560, WS-C3560G-48PS

I think the bottom line here is that in the core switch, configured with "ip routing", traffic is not returning symmetrically, and instead is going out via the default gateway of the switch.
