  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 339

Subnet using Switch-based Routing Cannot Access Internet

In the following configuration, can anyone tell me why clients on subnet 192.168.20.0 are NOT able to access the internet?  The two other subnets are hitting the internet just fine.  I can't tell if the problem is on the firewall or the switch configuration, but internet access for this subnet is the ONLY communication problem I can detect.
_______________________
Internet
|
Router (Cisco 2600 series)
|
Firewall (PIX 515E), 192.168.0.3
|
Switch (Cisco 3750e), 192.168.0.1 ..... gateway set to 192.168.0.3 ..... 1 VLAN (default) ..... routing enabled ..... static routes established for destination 0.0.0.0/0 to gateway 192.168.0.3 and destination 192.168.20.0/24 to gateway 192.168.0.4 ..... subnet 192.168.10.0/24 assigned to port 3
|
Switch (Cisco 3750s), 192.168.0.4 ..... gateway set to 192.168.0.1 ..... 1 VLAN (default) ..... routing enabled ..... static route established for destination 0.0.0.0/0 to gateway 192.168.0.1 ..... subnet 192.168.20.0/24 assigned to port 2 (192.168.20.1)
|
Clients on subnet 192.168.20.0/24 using gateway 192.168.20.1
_______________________

NOTE:  Subnet 192.168.0.0/24 clients connected to the secondary switch are also able to access the internet.  The ONLY clients having a problem are on subnet 192.168.20.0/24.

Thanks for any ideas!!!
0
Asked by: isdirect
2 Solutions
 
Don Johnston (Instructor) Commented:
Are you running a routing protocol between the 3750's and the PIX? If not then I would say your problem is that the PIX doesn't have a route to the 192.168.20.0/24 network.
0
 
JFrederick29 Commented:
Also, check to make sure the PIX is NAT'ing the 192.168.20.0/24 traffic.
0
 
isdirect (Author) Commented:
Thanks guys!!  Both of you are agreeing with my instincts, but - I am not well-versed in the command-line interface for my PIX.  I can log in and enable, and I know how to view the configuration, but I don't know what to look for to verify these things.  Can you tell me what lines to look for, and how to add the route and/or NAT lines for the .20 subnet?
0
 
JFrederick29 Commented:
Make sure you have a route like this:

route inside 192.168.20.0 255.255.255.0 192.168.0.1

Also, for the NAT, you should have commands similar to this:

nat (inside) 1 192.168.x.x 255.255.255.0

If you don't have a "nat" statement for the 192.168.20.0/24 subnet, add this:

nat (inside) 1 192.168.20.0 255.255.255.0

If you have this "nat (inside) 1 0.0.0.0 0.0.0.0" or "nat (inside) 1 192.168.0.0 255.255.0.0" then it covers the subnets and you don't have to add anything nat related.
0
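The two checks from the answer above (an inside route and a covering "nat" statement for 192.168.20.0/24) can be run against saved configuration text. This is an added example, not part of the original thread: the sample configuration is constructed, check_subnet is a hypothetical helper name, and only the "address mask" form of the route and nat commands is parsed.

```python
import ipaddress
import re

# Constructed sample of PIX running-config lines (not from the original thread).
SAMPLE_CONFIG = """\
ip address inside 192.168.0.3 255.255.255.0
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.255.0
nat (inside) 1 192.168.10.0 255.255.255.0
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route inside 192.168.10.0 255.255.255.0 192.168.0.1 1
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ROUTE_RE = re.compile(rf"^route\s+(\S+)\s+{IP}\s+{IP}\s+{IP}")
NAT_RE = re.compile(rf"^nat\s+\((\S+)\)\s+(\d+)\s+{IP}\s+{IP}")


def _net(addr, mask):
    """Build a network object from the address/netmask pair used in the config."""
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def check_subnet(config, subnet, iface="inside"):
    """Return (next_hop or None, nat_id or None) covering `subnet` on `iface`."""
    target = ipaddress.ip_network(subnet)
    next_hop = nat_id = None
    for line in config.splitlines():
        line = line.strip()
        m = ROUTE_RE.match(line)
        # Only routes bound to the given interface count; the default route
        # on "outside" does not tell the firewall how to reach an inside subnet.
        if m and m.group(1) == iface and target.subnet_of(_net(m.group(2), m.group(3))):
            next_hop = m.group(4)
        m = NAT_RE.match(line)
        # NAT id 0 means "do not translate", so it is not counted as coverage.
        if m and m.group(1) == iface and m.group(2) != "0" \
                and target.subnet_of(_net(m.group(3), m.group(4))):
            nat_id = int(m.group(2))
    return next_hop, nat_id


if __name__ == "__main__":
    for subnet in ("192.168.10.0/24", "192.168.20.0/24"):
        hop, nat = check_subnet(SAMPLE_CONFIG, subnet)
        print(f"{subnet}: route via {hop or 'MISSING'}, nat id {nat or 'MISSING'}")
```

A result of (None, None) for a subnet matches the symptom in the question: the firewall has no return path to that subnet and does not translate its traffic.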
