L3 switch (100.3) provides internet access for all who connect to it and has been working just fine. Recently I had to set up a different subnet off of that L3 switch (100.3), so now port 20 connects to an L2 switch to provide internet access to the 192.168.2.0/24 network as well as access to some services on 192.168.100.0/24.
The problem I am having is that I am able to ping machines on the 192.168.2.0 network and vice versa, but if I try to hit a web port or SSH, most of the time it does not work. What makes it difficult is that it sometimes does work, which drives me crazy and confuses me. Now if I bypass the ASA, everything seems to work just fine. I have the access rules on the ASA on the outside interface:
source 192.168.100.0/24 dest 192.168.2.0/24 ip permit
source 192.168.2.0/24 dest 192.168.100.0/24 ip permit
and on the inside interface:
any any ip permit
[Attached diagram: L3 Switch (100.3)]
Where am I going wrong? I would appreciate any suggestions.
Yes, the clients are connected to the L3 switches. I'm starting to see the problem, but I have some knowledge gaps. Do I set up a trunk on the interface that connects to the 192.168.2.0 network? If so, do I need trunking ports to get to the router? Or would it be simpler to do routing on the L3 switch that physically connects to the 192.168.2.0 network?
So in the above, do you have clients in 192.168.100.x connected to L3 switch_1?
And do you have clients in 192.168.100.x connected to L3 switch_2?
The problem is that the natural place to do routing for multiple VLANs is actually L3 switch_2. In fact, I'm not sure what L3 switch_1 is doing other than connecting the router to the firewall. If you have clients on that switch, they are not firewalled from the internet.
The interesting thing is that it all works without the ASA, but I'm not sure how if you have not set up inter-VLAN routing.
Can you answer my questions as to where the 192.168.100.x clients are connected and post your router config (minus any public IP info etc.) and we can see where to go from there.
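The option the reply above points at, routing both subnets on the L3 switch that physically connects to the 192.168.2.0/24 segment, looks like this as an added example. It is not configuration from anyone in this thread. It assumes VLAN 100 is 192.168.100.0/24 with the switch at 192.168.100.3, VLAN 2 is 192.168.2.0/24, the ASA inside interface is 192.168.100.1, GigabitEthernet1/0/20 faces the L2 switch, and GigabitEthernet1/0/1 faces the ASA; all interface names, VLAN IDs and addresses are assumptions.

```cisco
! Added example, not from the thread: inter-VLAN routing on the L3 switch
! that connects the 192.168.2.0/24 segment ("L3 switch_2" in the reply above).
! Assumed: VLAN 100 = 192.168.100.0/24 (switch is .3), VLAN 2 = 192.168.2.0/24,
! ASA inside = 192.168.100.1, Gi1/0/20 faces the L2 switch, Gi1/0/1 faces the ASA.
ip routing
!
vlan 2
 name clients-192-168-2
vlan 100
 name clients-192-168-100
!
! SVIs: the switch becomes the default gateway for both subnets, so traffic
! between 192.168.100.0/24 and 192.168.2.0/24 is forwarded here and never
! needs to cross the ASA at all.
interface Vlan100
 ip address 192.168.100.3 255.255.255.0
 no shutdown
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 no shutdown
!
! Port toward the L2 switch carrying the 192.168.2.0/24 clients. An access
! port is enough if that switch only carries VLAN 2; make it a trunk only if
! that switch also needs to carry VLAN 100.
interface GigabitEthernet1/0/20
 switchport mode access
 switchport access vlan 2
 no shutdown
!
! Port toward the ASA inside interface, an access port in VLAN 100. No trunk
! is needed toward the firewall because only VLAN 100 faces it.
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 100
 no shutdown
!
! Everything that is not one of the two local subnets goes to the ASA.
ip route 0.0.0.0 0.0.0.0 192.168.100.1
```

Two things to check on the firewall side with this layout: the ASA needs a return route for the new subnet, `route inside 192.168.2.0 255.255.255.0 192.168.100.3`, or internet replies for 192.168.2.0/24 hosts are dropped, and whatever NAT applies to 192.168.100.0/24 toward the outside has to cover 192.168.2.0/24 as well. The outside-interface permits between the two RFC 1918 subnets in the original post never match in this design, because that traffic does not pass through the ASA; if the two subnets are meant to be firewalled from each other, that is a different design in which the ASA, not the switch, is the gateway for both.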