Solved

vlan lan routing

Posted on 2008-10-22
15
268 Views
Last Modified: 2012-05-05
VLAN 20 can connect to Domain in VLAN10
But VLAN 20 cannot connect to Firewall in VLAN10

whats the solution?
lan.jpg
0
Comment
Question by:ammadeyy2020
  • 7
  • 7
15 Comments
 

Author Comment

by:ammadeyy2020
ID: 22774399
Domain Server is unable to connect internet
domain server, if i add gw 192.168.10.2 it can connect to internet
but then vlan 20 cant connect to domain server
if i add both 10.2 and 10.1 the traffic is slow gets time out often
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774400
add route on firewall to vlan 20 network via catalyst address in vlan10 network.
0
 
LVL 4

Expert Comment

by:damalano
ID: 22774402
can you ping to the firewall ?
is there a route on the firewall so he can find his way back to vlan 20?
Is the routing done on the 1701 or  on the catalyst ?
can't you connect to the firewall or the internet isn't working ?

0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774408
because you can see, that domain has gw to 192.168.10.1, but more likely your firewall has default gw to internet
so you have to add route:

route add 192.168.20.0 mask 255.255.255.0 gateway 192.168.10.1
0
 

Author Comment

by:ammadeyy2020
ID: 22774438
do i have to add to firewall or router?
0
 

Author Comment

by:ammadeyy2020
ID: 22774450
from domain i can ping to 192.168.10.2
but i cant connect to ISP DNS
to domain if i add gw 192.168.10.2, then i can ping to ISP DNS
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22774497
I can see, that your firewall is connected directly to 3548 switch on your picture, so I suppose you have to add route to firewall
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 21

Expert Comment

by:from_exp
ID: 22774511
so my idea is:
1. your 3548 is routing switch for vlan 10 and vlan 20
2. all pc's should have default gws to 3548
3. firewall should have static route to 192.168.20.0/24 network via 3548 (192.168.10.1)
4. 3548 should have default gw set to firewall
5. if you have some networks behind 1701, then you have to define them on 3548 via 1701
6. add route on 1701 to 192.168.20.0/24 network via 3548
0
 

Author Comment

by:ammadeyy2020
ID: 22774612
router is used for routing, switch is used for vlan since 3548 is L2 switch
router ip is 192.168.1.1
switch ip is 192.168.1.2

router i have created sub-interface pointin to vlans on the switch


client1,
ip address 192.168.10.20
gw : 192.168.1.1 (router ip)

firewall
ip address 192.168.10.2

client can ping to 192.168.1.1
but cant ping to ISP, using proxy can browse internet


if client gw change to 192.168.10.2, then can ping to ISP and browse. but cant ping to router
i need vlan interface as gateway on client machines, or else clients are unable to connect to my PC

0
 
LVL 21

Expert Comment

by:from_exp
ID: 22775067
hm-hm, then seems you have incorrect picture.

however the idea is the same: you have correct your routing :)

please paste here CORRECT network topology and I'll be able to point you what should be changed.
0
 

Author Comment

by:ammadeyy2020
ID: 22775561
VLAN 10 can talk to VLAN 20
VLAN 20 can talk to VLAN 10

VLAN 20 and 10 can ping to both router and switch

VLAN 30 USER 192.168.30.15  can talk to VLAN, 10, 20,

Internet Firewall, can talk to only VLAN 30 users
if i add gw to firwall all vlans can talk to firewall

i cant add gw because cant have 2 gateways in firewall

i want all vlans to be able to talk to internet firewall





lan.jpg
0
 
LVL 21

Accepted Solution

by:
from_exp earned 500 total points
ID: 22775654
ok you don't need to add second default gw to firewall, you have to add only two routes: to vlan 10 and vlan 20 networks.
simple static routes

if firewall is windows, just add:
route -p add 192.168.10.0 mask 255.255.255.0 192.168.30.1
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

if it is cisco, then
ip route 192.168.10.0 255.255.255.0 192.168.30.1
ip route 192.168.20.0 255.255.255.0 192.168.30.1

if it is other firewall with gui, you should go somewhere like advanced routing and add two static routes
0
 

Author Comment

by:ammadeyy2020
ID: 22775817
im using microsoft isa server 2006

i added route
route -p add 192.168.20.0 mask 255.255.255.0 192.168.30.1

but from firewall im unable to ping to 192.168.20.2
and from 192.168.20.2 i cant ping to firewall
from 192.168.20.2 i can ping to 192.168.30.1

0
 

Author Comment

by:ammadeyy2020
ID: 22775878
now i can ping, i have added ranges to firewall
i can ping to firewall internal interface
but i cant ping to ISP DNS
0
 
LVL 21

Expert Comment

by:from_exp
ID: 22776171
possibly you have also to configure routes on 1701 router
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SSH logs Cisco switch 4 61
Cisco Sup720 Migrate to Sup2T 5 55
Link issue 11 53
Sonicwall TZ 205- Dropping Incoming E-mail as IP Spoof 13 92
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
The Cisco RV042 router is a popular small network interfacing device that is often used as an internet gateway. Network administrators need to get at the management interface to make settings, change passwords, etc. This access is generally done usi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

912 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now