Community Member

Routing Setup

I have a customer with a different case and I am having trouble getting the routing working.


They have an ASA as the head-end today with a single flat network and all unmanaged switches. The ASA is on network The ASA is


I have added a L3 switch behind the ASA to do some segmentation of the network to clean things up. The switch is on VLAN1 with the ASA with an address of and all pings fine including to the other PCs on the network.


I have created a new network of and assigned the L3 an address of From that address I can ping the ASA Inside interface at and I can ping to the Internet both by IP and by name. However, from that I cannot ping to any computers on the 173.18.1.x network (i.e. the DNS server is and it cannot be reached from he address).


Any ideas where my routing is screwed up? I have static routes in place on both the L3 and the ASA.


L3 routing setup:

interface Vlan1
 ip address
interface Vlan10
 ip address
interface Vlan30
 ip address
ip classless
ip route
ip route is subnetted, 2 subnets
C is directly connected, Vlan30
C is directly connected, Vlan1
S* [1/0] via



ASA routing setup:

route outside 1
route inside Wireless 1

C is directly connected, outside
S    Wireless [1/0] via, inside
C is directly connected, inside
S* [1/0] via, outside




Community Member

Please change the route on ASA

route inside

Community Member

you can remove the below static route from your L3 switch

ip route

Community Member

For the network should I still be using the ASA as the gateway for the clients or should I be using the L3 switch?


I have made the changes to the routing but am still not able to ping anything not the .1 network from the .30 network.


Community Member

All the clients in Vlan-1 should have a default GW as an interface on L3 switch :

same for the clients in Vlan-30, their default GW should be an Interface on L3 switch :

Please check your vlan status, and make surre that you have created L2 Vlans also # show vlan (you should able see your vlans vlan-1,vlan-30 and vlan-10) if not then please create L2 vlans by entering command : # vlan 30 


please try to ping as follow.

#ping source

#ping source

If above ping fails then enter command # ip routing and try above ping one more time.

Community Member

Instead of having an addressed interface on VLAN1 not he L3 switch, can I just make a route between the 30 and the 1? There are a large number of users, and they are all static, that would need their addresses changed to be able to make this work I think.

Any other ideas?



Community Member

You can swap the IP address of  L3 switch and firewall (for vlan -1), if you plan to do that rou need to change your static routes accordingly.

As vlan 30 is on L3- switch, you need to crate a route on firewall

Wireless  "<Next_hop_ip address>" not <Firewall_address>

So for firewalls prospective its nextt hop will be the ip address of Vlan-1 of the L3 switch

How does ASA knows about 173.18.30.X network?

Also the static route which you have entered "route inside Wireless 1" should be route inside Wireless  <firewall_IP_address>"



Community Member

should be route inside Wireless  <firewall_IP_address>" - What address should the firewall be? The interface for VLAN 1 on the L3?

