Routing problem in 3750

sivakumar.ks
Level 1

Hi,

I am facing a problem in routing.

I have a 24-port Cisco 3750 switch. It is connected to the Internet, and I am also trying to use the same switch for my DMZ servers.

The existing routing table is as follows (sample public IP addresses):

199.20.16.0 255.255.248.0 199.20.21.195 (My PIX outside Interface)

I have created VLAN 1000 on the 3750 that is going to serve the DMZ servers.

I subnetted the above (199.20.16.0 255.255.248.0) public range into 27 mask bits.

So my DMZ network carries the IP addresses in the range 199.20.21.33 to 199.20.21.62 with a subnet mask of 255.255.255.224.

So the VLAN 1000 interface looks as below:

VLAN 1000

199.20.21.59 255.255.255.224

At the PIX end, the DMZ interface IP address is 199.20.21.61 with a mask of 255.255.255.224.

After creating the VLAN 1000 interface, I assigned switchport access VLAN 1000 to a few interfaces and started connecting the DMZ servers to those ports on the Cisco 3750. I also added a static route for those DMZ server IP addresses in the switch pointing to 199.20.21.61.

So my routing table looks like:

199.20.16.0 255.255.248.0 199.20.21.195

199.20.21.41 255.255.255.255 199.20.21.61

where 199.20.21.41 is one of the DMZ servers' IP addresses. But when I did a traceroute from that server, it is going via the public interface.

We have a separate VLAN 999 for the Internet connection, which terminates at the firewall outside interface; that subnet range is 199.20.21.193 to 199.20.21.222 with a subnet mask of 255.255.255.224. Since we hold 2046 Arpnic IP addresses, we subnet all of them into 27 mask bits.

Can anyone help me with how to reroute the DMZ server in the 3750 so that it looks to the DMZ interface instead of the public interface?

Thanks in advance.

siva
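
Added example (not part of the original post or thread): a longest-prefix-match lookup over the two static routes quoted in the question, plus a check of which /27 segment each chosen next hop sits on. It models only the static routes as posted; connected routes on the switch are not included, and the segment labels and function names are illustrative.

```python
import ipaddress

# Static routes exactly as posted in the question: (prefix/mask, next hop).
# Connected routes and any other entries on the switch are NOT modelled.
STATIC_ROUTES = [
    ("199.20.16.0/255.255.248.0", "199.20.21.195"),
    ("199.20.21.41/255.255.255.255", "199.20.21.61"),
]

# The two /27 segments described in the post; labels are illustrative.
SEGMENTS = {
    "VLAN 1000 (DMZ)": ipaddress.ip_interface("199.20.21.59/255.255.255.224").network,
    "VLAN 999 (Internet)": ipaddress.ip_interface("199.20.21.193/255.255.255.224").network,
}


def segment_of(address):
    """Return the label of the /27 segment that contains address, or None."""
    ip = ipaddress.ip_address(address)
    for label, net in SEGMENTS.items():
        if ip in net:
            return label
    return None


def lookup(destination, routes=STATIC_ROUTES):
    """Longest-prefix match over routes; returns (network, next_hop) or None."""
    ip = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def next_hop_segment(destination):
    """Which posted segment the chosen next hop sits on (None if no route)."""
    match = lookup(destination)
    return segment_of(match[1]) if match else None


if __name__ == "__main__":
    for dst in ("199.20.21.41", "199.20.21.42", "192.0.2.1"):
        print(dst, "->", lookup(dst), "| next hop on:", next_hop_segment(dst))
```

Of the posted static routes, only the /32 for 199.20.21.41 resolves to a next hop on the DMZ segment; any other address inside 199.20.16.0/21 matches the /21 and resolves to the PIX outside interface address.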

3 Replies

pkhatri
Level 11

Hi Siva,

Just to clarify things: you are trying to traceroute from a DMZ server to some public address? Is that correct? Have you configured the default gateway on the server to be 199.20.21.61? If so, it will first route to the PIX DMZ interface, from where it will be routed out via the PIX's outside interface.

Hope that helps - pls rate the post if it does.

Paresh

Yes, I have done that. Do you want me to configure a default route in the 3750 switch to 199.20.21.61 and leave the static route as it is?

Hi Siva,

Can you post the results of your traceroute?

Paresh
