I have a customer with a different case and I am having trouble getting the routing working.
They have an ASA as the head-end today with a single flat network and all unmanaged switches. The ASA is on network 188.8.131.52. The ASA is 184.108.40.206.
I have added an L3 switch behind the ASA to do some segmentation of the network to clean things up. The switch is on VLAN1 with the ASA with an address of 220.127.116.11 and all pings fine, including to the other PCs on the network.
I have created a new network of 18.104.22.168 and assigned the L3 an address of 22.214.171.124. From that address I can ping the ASA Inside interface at 126.96.36.199 and I can ping to the Internet both by IP and by name. However, from that 188.8.131.52 I cannot ping to any computers on the 173.18.1.x network (i.e. the DNS server is 184.108.40.206 and it cannot be reached from the 220.127.116.11 address).
Any ideas where my routing is screwed up? I have static routes in place on both the L3 and the ASA.
L3 routing setup:
interface Vlan1
 ip address 18.104.22.168 255.255.255.0
!
interface Vlan10
 ip address 22.214.171.124 255.255.255.0
!
interface Vlan30
 ip address 126.96.36.199 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 188.8.131.52
ip route 184.108.40.206 255.255.255.0 220.127.116.11

     18.104.22.168/24 is subnetted, 2 subnets
C       22.214.171.124 is directly connected, Vlan30
C       126.96.36.199 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 188.8.131.52

C    184.108.40.206 255.255.255.224 is directly connected, outside
S    Wireless 255.255.255.0 [1/0] via 220.127.116.11, inside
C    18.104.22.168 255.255.255.0 is directly connected, inside
S*   0.0.0.0 0.0.0.0 [1/0] via 22.214.171.124, outside
All the clients in Vlan-1 should have a default GW as an interface on the L3 switch: 126.96.36.199
Same for the clients in Vlan-30, their default GW should be an interface on the L3 switch: 188.8.131.52
Please check your VLAN status, and make sure that you have created L2 VLANs also: # show vlan (you should be able to see your VLANs vlan-1, vlan-30 and vlan-10). If not, then please create L2 VLANs by entering the command: # vlan 30
Please try to ping as follows.
#ping 184.108.40.206 source 220.127.116.11
#ping 18.104.22.168 source 22.214.171.124
If the above ping fails, then enter the command # ip routing and try the above ping one more time.
Instead of having an addressed interface on VLAN1 on the L3 switch, can I just make a route between the 30 and the 1? There are a large number of users, and they are all static, that would need their addresses changed to be able to make this work, I think.