Solved

vlan lan routing

Posted on 2008-10-22
Last Modified: 2012-05-05
VLAN 20 can connect to Domain in VLAN10
But VLAN 20 cannot connect to Firewall in VLAN10

What's the solution?
lan.jpg
Question by:ammadeyy2020
 

Author Comment

by:ammadeyy2020
The domain server is unable to connect to the internet.
On the domain server, if I add gw 192.168.10.2 it can connect to the internet,
but then VLAN 20 can't connect to the domain server.
If I add both 10.2 and 10.1, the traffic is slow and often times out.
0
 
LVL 21

Expert Comment

by:from_exp
Add a route on the firewall to the VLAN 20 network via the Catalyst address in the VLAN 10 network.
0
 
LVL 4

Expert Comment

by:damalano
Can you ping the firewall?
Is there a route on the firewall so it can find its way back to VLAN 20?
Is the routing done on the 1701 or on the Catalyst?
Can't you connect to the firewall, or is it the internet that isn't working?

0
 
LVL 21

Expert Comment

by:from_exp
Because, as you can see, the domain has its gw set to 192.168.10.1, but more likely your firewall has its default gw to the internet,
so you have to add a route:

route add 192.168.20.0 mask 255.255.255.0 192.168.10.1
0
 

Author Comment

by:ammadeyy2020
Do I have to add it to the firewall or the router?
0
 

Author Comment

by:ammadeyy2020
From the domain I can ping 192.168.10.2,
but I can't connect to the ISP DNS.
If I add gw 192.168.10.2 to the domain, then I can ping the ISP DNS.
0
 
LVL 21

Expert Comment

by:from_exp
I can see that your firewall is connected directly to the 3548 switch in your picture, so I suppose you have to add the route to the firewall.
0
 
LVL 21

Expert Comment

by:from_exp
So my idea is:
1. Your 3548 is the routing switch for VLAN 10 and VLAN 20.
2. All PCs should have their default gws set to the 3548.
3. The firewall should have a static route to the 192.168.20.0/24 network via the 3548 (192.168.10.1).
4. The 3548 should have its default gw set to the firewall.
5. If you have some networks behind the 1701, then you have to define them on the 3548 via the 1701.
6. Add a route on the 1701 to the 192.168.20.0/24 network via the 3548.
0
 

Author Comment

by:ammadeyy2020
The router is used for routing; the switch is used for VLANs, since the 3548 is an L2 switch.
Router IP is 192.168.1.1
Switch IP is 192.168.1.2

On the router I have created sub-interfaces pointing to the VLANs on the switch.


Client1:
IP address 192.168.10.20
gw: 192.168.1.1 (router IP)

Firewall:
IP address 192.168.10.2

The client can ping 192.168.1.1
but can't ping the ISP; using the proxy it can browse the internet.


If the client gw is changed to 192.168.10.2, then it can ping the ISP and browse, but can't ping the router.
I need the VLAN interface as the gateway on client machines, or else clients are unable to connect to my PC.

0
 
LVL 21

Expert Comment

by:from_exp
Hm-hm, then it seems you have an incorrect picture.

However, the idea is the same: you have to correct your routing :)

Please paste the CORRECT network topology here and I'll be able to point out what should be changed.
0
 

Author Comment

by:ammadeyy2020
VLAN 10 can talk to VLAN 20
VLAN 20 can talk to VLAN 10

VLAN 20 and 10 can ping both the router and the switch

VLAN 30 user 192.168.30.15 can talk to VLANs 10 and 20

The internet firewall can talk only to VLAN 30 users.
If I add a gw to the firewall, all VLANs can talk to the firewall.

I can't add a gw because I can't have 2 gateways on the firewall.

I want all VLANs to be able to talk to the internet firewall.





lan.jpg
0
 
LVL 21

Accepted Solution

by:
from_exp earned 500 total points
OK, you don't need to add a second default gw to the firewall; you only have to add two routes: to the VLAN 10 and VLAN 20 networks.
Simple static routes.

If the firewall is Windows, just add:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.30.1
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

If it is Cisco, then:
ip route 192.168.10.0 255.255.255.0 192.168.30.1
ip route 192.168.20.0 255.255.255.0 192.168.30.1

If it is another firewall with a GUI, you should go somewhere like advanced routing and add two static routes.
0
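Why two static routes are enough and no second default gateway is needed, as an added example that is not part of the thread: a longest-prefix-match lookup over a constructed model of the firewall's routing table, plus a check for internal subnets whose replies would leave the wrong way. The on-link 192.168.30.0/24 entry and the `ISP-GW` name are assumptions; the other addresses are taken from the posts.

```python
import ipaddress

def routes(*entries):
    """Build a routing table as (network, next_hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route at all, packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def missing_return_routes(table, internal_nets, inside_hops):
    """Internal prefixes whose replies would leave via a non-inside next hop."""
    bad = []
    for net in internal_nets:
        first_host = next(ipaddress.ip_network(net).hosts())
        if lookup(table, str(first_host)) not in inside_hops:
            bad.append(net)
    return bad

# Constructed model of the firewall. Assumptions: its inside NIC is on-link in
# 192.168.30.0/24 and its single default gateway is the ISP ("ISP-GW" placeholder).
FW_BEFORE = routes(("192.168.30.0/24", "on-link"), ("0.0.0.0/0", "ISP-GW"))
# The two static routes from the accepted answer, via the VLAN 30 gateway.
FW_AFTER = FW_BEFORE + routes(("192.168.10.0/24", "192.168.30.1"),
                              ("192.168.20.0/24", "192.168.30.1"))

INTERNAL = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
INSIDE_HOPS = {"on-link", "192.168.30.1"}

if __name__ == "__main__":
    for name, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(name, "reply to 192.168.20.2 goes to", lookup(table, "192.168.20.2"))
        print(name, "missing return routes:",
              missing_return_routes(table, INTERNAL, INSIDE_HOPS))
```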
 

Author Comment

by:ammadeyy2020
I'm using Microsoft ISA Server 2006.

I added the route
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

but from the firewall I'm unable to ping 192.168.20.2,
and from 192.168.20.2 I can't ping the firewall.
From 192.168.20.2 I can ping 192.168.30.1.

0
 

Author Comment

by:ammadeyy2020
Now I can ping; I have added the ranges to the firewall.
I can ping the firewall's internal interface,
but I can't ping the ISP DNS.
0
 
LVL 21

Expert Comment

by:from_exp
Possibly you also have to configure routes on the 1701 router.
0
