Solved

Passing IPSec traffic through VLAN trunks

Posted on 2004-11-21
Last Modified: 2008-05-30
I have a Cisco 3750 and 2950 switch in my network. Trunking is enabled on the link that connects the 2950 to the 3750 switch with encap as dot1q.

One VLAN, viz. VLAN4, is configured in the 3750 with IP address as 172.17.170.1/26. The IP address of the default VLAN (VLAN 1) is 172.17.168.30/24 and a DHCP server resides in this VLAN which has a scope created (172.17.170.3 - 172.17.170.62; Mask 255.255.255.192; Router: 172.17.170.1) for VLAN4. IP address of DHCP server is 172.17.168.240/24.

Interface VLAN4 has been configured with the command "ip helper-address 172.17.168.240" and the members of VLAN4, which are connected to the 3750 as well as the 2950, get an address from the range 172.17.170.3 - 172.17.170.62 without any problem.

I have a Cisco PIX 515E firewall whose "inside" interface (IP address: 172.17.170.2/26) is connected to a port in the 3750 which is a member of VLAN4. One IPSec VPN tunnel is created with one of my clients, through the PIX firewall. The target IP address in the client location is 192.168.5.6. The following route is added in the 3750:

ip route 192.168.5.0 255.255.255.0 172.17.170.2

I have connected one PC in the 3750 and one in the 2950, and they are members of VLAN4. The PC in the 3750 gets an address of 172.17.170.3 and the one in the 2950 gets 172.17.170.4. The default gateway they get, as defined in the scope, is 172.17.170.1.

The PC connected to 3750 can ping the address 192.168.5.6 over the VPN but the PC in 2950 cannot.

What could be the problem?
0
Question by:mitra_am
3 Comments
 
LVL 9

Expert Comment

by:jabiii
ID: 12668469
Bidirectional traffic on the fw or uni?
0
 

Author Comment

by:mitra_am
ID: 12678919
Problem solved. Allowed all the VLANs through the trunks.
0
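
As an added example, not part of the original thread or any poster's configuration: a Python check that reads IOS interface configuration and reports trunk ports whose allowed-VLAN list omits a VLAN that hosts need, so the missing VLAN can be added to the trunk individually. The sample configuration and interface names are constructed; the thread does not show the actual trunk settings.

```python
import re

ALL_VLANS = frozenset(range(1, 4095))  # VLAN IDs 1-4094
ALLOWED_RE = re.compile(
    r"(?m)^[ \t]*switchport trunk allowed vlan (?:(add|remove|except) )?(\S+)[ \t]*$")

def expand(spec):
    """Expand an IOS VLAN list such as '1,10-12' into a set of ints."""
    bounds = (p.partition("-") for p in spec.split(","))
    return {v for lo, _, hi in bounds for v in range(int(lo), int(hi or lo) + 1)}

def trunk_allowed_vlans(config):
    """Map each 'switchport mode trunk' interface to the VLANs it carries."""
    trunks = {}
    for block in re.split(r"(?m)^(?=interface )", config)[1:]:
        body = block.split("\n!")[0]  # stop at the '!' that ends the stanza
        if not re.search(r"(?m)^\s*switchport mode trunk\s*$", body):
            continue
        allowed = set(ALL_VLANS)  # IOS default: no allowed-list means all VLANs
        for op, spec in ALLOWED_RE.findall(body):
            if spec in ("all", "none"):
                allowed = set(ALL_VLANS) if spec == "all" else set()
            elif op == "add":
                allowed |= expand(spec)
            elif op == "remove":
                allowed -= expand(spec)
            else:  # a plain list replaces the set; 'except' inverts it
                allowed = set(ALL_VLANS) - expand(spec) if op == "except" else expand(spec)
        trunks[body.split()[1]] = allowed
    return trunks

def missing_on_trunks(config, required):
    """Return {interface: required VLANs that the trunk does not carry}."""
    need = set(required)
    return {ifc: sorted(need - ok)
            for ifc, ok in trunk_allowed_vlans(config).items() if need - ok}

# Constructed sample: two trunk ports, only the second one carries VLAN 4.
SAMPLE = """\
interface GigabitEthernet1/0/1
 switchport mode trunk
 switchport trunk allowed vlan 1,10-12
!
interface GigabitEthernet1/0/2
 switchport mode trunk
 switchport trunk allowed vlan 1,10-12
 switchport trunk allowed vlan add 4
"""
print(missing_on_trunks(SAMPLE, [1, 4]))
```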
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 15587830
PAQed with points refunded (100)

Computer101
EE Admin
0


Question has a verified solution.
