Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Cant ping firewall...

Hello,

I have just setup a 2650 hp switch, the IP of the firewall is 10.52.100.123............I can ping fine........if I put a workstation in this vlan (id 100) i can ping firewall and access the internet fine.

Now if I am in a different vlan, say vlan 16 I cannot ping the firewall ip but can ping the vlan default gateway 10.52.100.254, my config is below of the switch:

Startup configuration:

; J4899A Configuration Editor; Created on release #H.10.83

hostname "bmi-2650-core1"

max-vlans 50

time daylight-time-rule Western-Europe

console inactivity-timer 15

interface 49

   no lacp

exit

interface 50

   no lacp

exit

trunk 49-50 Trk1 LACP

ip routing

timesync sntp

sntp unicast

snmp-server community "public" Unrestricted

vlan 1

   name "DEFAULT_VLAN"

   untagged 3-46,Trk1

   ip address dhcp-bootp

   no untagged 1-2,47-48

   exit

vlan 100

   name "bmi_fwall"

   untagged 47-48

   ip address 10.52.100.254 255.255.255.0

   tagged Trk1

   ip igmp

   exit

vlan 10

   name "bmi_svr"

   untagged 2

   ip address 10.52.10.254 255.255.255.0

   tagged Trk1

   ip igmp

   exit

vlan 16

   name "bmi_wired"

   untagged 1

   ip address 10.52.16.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 20

   name "bmi_guestw"

   ip address 10.52.20.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 25

   name "bmi_wless"

   ip address 10.52.25.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 40

   name "bmi_print"

   ip address 10.52.40.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 90

   name "bmi_cctv"

   ip address 10.52.90.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 5

   name "bmi_mgmt"

   ip address 10.52.5.254 255.255.255.0

   ip helper-address 10.52.10.1

   ip helper-address 10.52.10.2

   tagged Trk1

   ip igmp

   exit

vlan 167

   name "VLAN167"

   exit

ip route 0.0.0.0 0.0.0.0 10.52.100.123

spanning-tree

spanning-tree Trk1 priority 4

spanning-tree priority 0

password manager

password operator

bmi-2650-core1(vlan-100)#

I've added the static-route to the firewall 10.52.0.0, if I telnet to the switch I can ping 10.52.100.123 fine

this is from the firewall (pix 515): when I try and ping 10.52.100.123 from 10.52.16.222 (ip of workstation):

Teardown ICMP connection for faddr 10.52.16.222/1 gaddr 10.52.100.123/0 laddr 10.52.100.123/0
262
Views
0
Helpful
0
Replies
CreatePlease to create content