When you setup the VLANs, did you also setup a DHCP scope? You might also check the NAT/PAT settings under Firewall as it should have automatically created the necessary entries. If not, create a NAT entry for the VLANs needing access to the Internet and use the appropriate WAN interface in the configuration.
Sent from Cisco Technical Support iPhone App
Please rate all helpful posts and mark correct answers to assist others searching for solutions in the community.
The ISA570 is only being used for internet access, it is not performing any intervlan routing, the Layer 3 switch is taking care of all that. The Layer 3 switch default route is the ISA570.
The ISA doesn't interact with the other VLAN's directly, just forwarding traffic to the statically assigned routes configured to direct traffic for the relevant subnets, but the ISA570 is not VLAN aware in this instance and is only a member of one subnet. So DHCP is not even required at this point and will be handled else where anyway, all devices are statically assigned at the moment.
So for example the gateway for all devices is the Layer 3 switch. The default route for the Layer 3 switch is the ISA570.
The ISA570 is not VLAN aware and has static routes for each subnet i.e. data subnet etc. with a default route as the Layer 3 switch.
Hopefully that makes a bit more sense.
It's a very straightforward set up at this point.
So as an example a device on the same subnet as the ISA570 with a default GW as the Layer 3 switch performs a ping to google on 18.104.22.168 a capture taken on the outside shows a source address of my NAT'd public IP and a destination as 22.214.171.124, this all being correct.
Now a device on the data VLAN with an IP of 10.10.10.1 performs a ping to google on 126.96.36.199, the packet first hits the Layer 3 switch 10.10.10.254 which is then forwarded to its default route as the ISA570, the ISA570 forwards it on to its default route being my ISP's public IP GW. A capture taken from the outside will show a source address as 10.10.10.1 being my un-NAT'd private IP with a destination of 188.8.131.52, naturally this fails.
Reboot and Factory Default Reset on ISA500 Series Integrated Security Appliances
Reboot or restart of the network device is made when certain changes in the settings need reboot or if the device is frozen. The configuration...
WAN Quality of Service (QoS) Policy Profiles Settings on ISA500 Series Integrated Security Appliances
Wide Area Network (WAN) Quality of Service (QoS) policy profiles manage traffic through classed-based profiles. These pro...
Cisco QuickVPN Installation Tips for Windows Operating Systems
For a video showing installation tips on Quick VPN, visit http://youtu.be/hHu2z6A78N8
Cisco QuickVPN is a free software designed for remote access to a ne...