• Status: Solved
  • Priority: Medium
  • Security: Public

vlan lan routing

VLAN 20 can connect to Domain in VLAN10
But VLAN 20 cannot connect to Firewall in VLAN10

What's the solution?
lan.jpg
Asked by: ammadeyy2020
 
ammadeyy2020 (Author) Commented:
The domain server is unable to connect to the internet.
If I add gw 192.168.10.2 on the domain server, it can connect to the internet,
but then VLAN 20 can't connect to the domain server.
If I add both 10.2 and 10.1, the traffic is slow and often times out.
 
from_exp Commented:
Add a route on the firewall to the VLAN 20 network via the Catalyst address in the VLAN 10 network.
 
damalano Commented:
Can you ping the firewall?
Is there a route on the firewall so it can find its way back to VLAN 20?
Is the routing done on the 1701 or on the Catalyst?
Can't you connect to the firewall, or is the internet not working?

 
from_exp Commented:
Because, as you can see, the domain has its gw set to 192.168.10.1, but more likely your firewall has its default gw to the internet,
so you have to add a route:

route add 192.168.20.0 mask 255.255.255.0 192.168.10.1
 
ammadeyy2020 (Author) Commented:
Do I have to add it to the firewall or the router?
 
ammadeyy2020 (Author) Commented:
From the domain I can ping 192.168.10.2,
but I can't connect to the ISP DNS.
If I add gw 192.168.10.2 to the domain, then I can ping the ISP DNS.
 
from_exp Commented:
I can see that your firewall is connected directly to the 3548 switch in your picture, so I suppose you have to add the route to the firewall.
 
from_exp Commented:
So my idea is:
1. Your 3548 is the routing switch for VLAN 10 and VLAN 20.
2. All PCs should have their default gw set to the 3548.
3. The firewall should have a static route to the 192.168.20.0/24 network via the 3548 (192.168.10.1).
4. The 3548 should have its default gw set to the firewall.
5. If you have some networks behind the 1701, then you have to define them on the 3548 via the 1701.
6. Add a route on the 1701 to the 192.168.20.0/24 network via the 3548.
 
ammadeyy2020 (Author) Commented:
The router is used for routing; the switch is used for VLANs, since the 3548 is an L2 switch.
Router IP is 192.168.1.1
Switch IP is 192.168.1.2

On the router I have created sub-interfaces pointing to the VLANs on the switch.

Client1:
IP address 192.168.10.20
gw: 192.168.1.1 (router IP)

Firewall:
IP address 192.168.10.2

The client can ping 192.168.1.1
but can't ping the ISP; using the proxy it can browse the internet.

If the client gw is changed to 192.168.10.2, then it can ping the ISP and browse, but can't ping the router.
I need the VLAN interface as the gateway on client machines, or else clients are unable to connect to my PC.
 
from_exp Commented:
Hm-hm, then it seems you have an incorrect picture.

However, the idea is the same: you have to correct your routing :)

Please paste the CORRECT network topology here and I'll be able to point out what should be changed.
 
ammadeyy2020 (Author) Commented:
VLAN 10 can talk to VLAN 20
VLAN 20 can talk to VLAN 10

VLAN 20 and 10 can ping both the router and the switch.

VLAN 30 user 192.168.30.15 can talk to VLAN 10, 20.

The internet firewall can talk only to VLAN 30 users.
If I add a gw to the firewall, all VLANs can talk to the firewall.

I can't add a gw because I can't have 2 gateways in the firewall.

I want all VLANs to be able to talk to the internet firewall.

lan.jpg
 
from_exp Commented:
OK, you don't need to add a second default gw to the firewall; you only have to add two routes: to the VLAN 10 and VLAN 20 networks.
Simple static routes.

If the firewall is Windows, just add:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.30.1
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

If it is Cisco, then:
ip route 192.168.10.0 255.255.255.0 192.168.30.1
ip route 192.168.20.0 255.255.255.0 192.168.30.1

If it is another firewall with a GUI, you should go somewhere like advanced routing and add two static routes.
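An added example, not part of the original thread: a small Python model of the firewall's routing table, showing why replies to VLAN 10 and VLAN 20 leave via the default gateway until the two static routes from the answer above are present. The upstream gateway 203.0.113.1 and the helper names are assumptions; the thread does not give them.

```python
import ipaddress

# Constructed value: the thread does not give the firewall's upstream gateway,
# so 203.0.113.1 (documentation range) stands in for the ISP-side next hop.
ISP_GW = "203.0.113.1"
INSIDE = ipaddress.ip_network("192.168.30.0/24")   # firewall's internal segment

FIREWALL_BEFORE = [
    ("0.0.0.0/0", ISP_GW),            # the single default gateway
    ("192.168.30.0/24", "on-link"),   # directly connected VLAN 30
]
# The two static routes suggested in the answer above.
FIREWALL_AFTER = FIREWALL_BEFORE + [
    ("192.168.10.0/24", "192.168.30.1"),
    ("192.168.20.0/24", "192.168.30.1"),
]

def next_hop(table, dst):
    """Longest-prefix match: (prefix, gateway) of the most specific route to dst."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), gw) for p, gw in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None                    # no route at all: the packet is dropped
    net, gw = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), gw

def reply_stays_inside(table, client):
    """True if the firewall's reply to `client` leaves via the internal segment."""
    hop = next_hop(table, client)
    if hop is None:
        return False
    gw = hop[1]
    return gw == "on-link" or ipaddress.ip_address(gw) in INSIDE

if __name__ == "__main__":
    # Client addresses taken from the thread.
    clients = ["192.168.10.20", "192.168.20.2", "192.168.30.15"]
    for name, table in (("before", FIREWALL_BEFORE), ("after", FIREWALL_AFTER)):
        for c in clients:
            print(name, c, next_hop(table, c), reply_stays_inside(table, c))
```

On a real Windows firewall, `route print` shows the same table the model represents.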
 
ammadeyy2020 (Author) Commented:
I'm using Microsoft ISA Server 2006.

I added the route:
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

But from the firewall I'm unable to ping 192.168.20.2,
and from 192.168.20.2 I can't ping the firewall.
From 192.168.20.2 I can ping 192.168.30.1.
 
ammadeyy2020 (Author) Commented:
Now I can ping; I have added the ranges to the firewall.
I can ping the firewall's internal interface,
but I can't ping the ISP DNS.
 
from_exp Commented:
Possibly you also have to configure routes on the 1701 router.
Question has a verified solution.
