I have a routing problem from a new subnet and VLAN I have set up. The network setup is as follows:
4006 layer 2 and 3 switch serving VLAN 1 on the LAN behind a PIX. On this side of the PIX we also have networks across the WAN. On the other side of the PIX we have VPN tunnels across the internet to other PIXs on our corporate networks. VLAN 1 is the live network and can reach all required networks on both sides of the PIX.
Here's the problem: I have set up a new VLAN on the switch on our LAN and can ping items on our LAN VLAN 1 and across the WAN on this side of the PIX. I cannot ping servers through the PIX VPN tunnel to boxes on the other side of the internet VPN tunnels. If I do a tracert from the new VLAN it gets as far as the 4006 switch on our network (the gateway for this VLAN) and no further. The switch has the IP route for the networks on the other side of the PIX VPN tunnels, and we know this works because the existing VLAN uses it fine. I have also updated the correct access list on the PIX to allow traffic from the new VLAN subnet to the networks on the other side of the VPN tunnels.
So, put simply, I think I'm right in saying that either the switch is not routing the new VLAN correctly when the destination is a network on the other side of the PIX, or the PIX is not allowing this traffic.
You might want to look at your access-list hit count to see if it is increasing. You can also look at the firewall syslog messages to make sure the host that is on the new vlan is making it to the firewall interface and attempting to route across the vpn.
You might also want to try the clear crypto ipsec sa and clear crypto isakmp sa commands on each side to drop the tunnel and clear the security associations.
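The answer's first two checks (does traffic from the new VLAN reach the firewall at all, and is the access list permitting or denying it) can be made systematic by triaging the firewall's syslog for the new subnet. The script below is an added example and is not code from the thread. The sample lines are constructed and modelled on PIX/ASA messages 106023 (deny by access-group), 106100 (access-list permitted/denied) and 302013 (built connection); the exact field layout, the subnet values and the access-group name are assumptions, so adjust the regular expressions to match your own firewall's output.

```python
"""Triage PIX/ASA-style syslog lines for traffic from one source subnet.

Added example, not part of the original thread. Message formats below are
assumptions modelled on PIX/ASA syslog IDs 106023, 106100 and 302013.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample log lines; 10.20.0.0/24 plays the "new VLAN" subnet
# and 10.10.0.0/24 the working VLAN 1 subnet (both are placeholders).
SAMPLE_LOG = """\
%PIX-4-106023: Deny tcp src inside:10.20.0.15/3456 dst outside:192.168.50.10/445 by access-group "inside_access_in"
%PIX-6-106100: access-list inside_access_in permitted tcp inside/10.10.0.7(2345) -> outside/192.168.50.10(445) hit-cnt 1 first hit
%PIX-6-302013: Built outbound TCP connection 1182 for outside:192.168.50.10/445 (192.168.50.10/445) to inside:10.10.0.7/2345 (10.10.0.7/2345)
%PIX-6-106100: access-list inside_access_in denied tcp inside/10.20.0.15(3457) -> outside/192.168.50.10(445) hit-cnt 1 first hit
"""

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MSG_ID = re.compile(r"%(?:PIX|ASA)-\d-(\d{6})")
ACL_GROUP = re.compile(r'by access-group "([^"]+)"')

DENY_BY_ACL = "106023"   # packet dropped by an access-group
ACL_LOG = "106100"       # access-list entry with the log keyword fired
BUILT_CONN = "302013"    # connection table entry built (traffic passed)


def _mentions_subnet(line, subnet):
    """True if any IPv4 address on the line falls inside the subnet."""
    for ip in IPV4.findall(line):
        try:
            if ipaddress.ip_address(ip) in subnet:
                return True
        except ValueError:
            continue
    return False


def triage(log_text, subnet_cidr):
    """Count how lines mentioning the subnet were handled by the firewall."""
    subnet = ipaddress.ip_network(subnet_cidr)
    counts = Counter()
    acl_groups = set()
    for line in log_text.splitlines():
        if not _mentions_subnet(line, subnet):
            continue
        counts["reached_firewall"] += 1
        match = MSG_ID.search(line)
        msg_id = match.group(1) if match else None
        if msg_id == DENY_BY_ACL:
            counts["denied"] += 1
            group = ACL_GROUP.search(line)
            if group:
                acl_groups.add(group.group(1))
        elif msg_id == ACL_LOG:
            if " permitted " in line:
                counts["permitted"] += 1
            elif " denied " in line:
                counts["denied"] += 1
        elif msg_id == BUILT_CONN:
            counts["connections_built"] += 1
    return {"counts": dict(counts), "denying_access_groups": sorted(acl_groups)}


def verdict(result):
    """Turn the counts into the next place to look.

    not_seen  -> nothing from the subnet reached the firewall (look at routing
                 before the firewall, e.g. the switch's gateway for the VLAN)
    denied    -> the firewall sees it but an access list drops it
    permitted -> the access list is fine; the problem is further along
    mixed     -> some entries permit and some deny; compare the ACL entries
    """
    c = result["counts"]
    if c.get("reached_firewall", 0) == 0:
        return "not_seen"
    if c.get("denied", 0) and not c.get("permitted", 0):
        return "denied"
    if not c.get("denied", 0):
        return "permitted"
    return "mixed"


if __name__ == "__main__":
    for cidr in ("10.20.0.0/24", "10.10.0.0/24", "10.30.0.0/24"):
        r = triage(SAMPLE_LOG, cidr)
        print(cidr, verdict(r), r)
```

Run it against a syslog export from the firewall with the new VLAN's subnet as the argument: a `not_seen` verdict points back at the switch's routing for the VLAN, while `denied` names the access-group that is dropping the traffic, which is the access-list hit count the answer suggests checking.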