Vlans cannot communicate with each other

Hi there. I have configured vlans on my cisco router 1811 and configured pbr with IP SLA. Everything is working except that my vlan computers cannot communicate with each other. Any help would be really appreciated. Currently i am only using vlan 500 and vlan 100 in which i have connected two pcs respectively.
ip sla 1
 icmp-echo 203.81.192.1 source-interface FastEthernet1
 timeout 1000
 threshold 500
ip sla schedule 1 life forever start-time now
ip sla 2
 icmp-echo 117.102.4.71 source-interface FastEthernet0
 timeout 1000
 threshold 500
ip sla schedule 2 life forever start-time now
!
!
!
username nasir privilege 15 password 7 13041B1318070539
username admin privilege 15 secret 5 $1$JPPR$cbjvNz02VzxFHCll3edYj0
!
!
track 1 rtr 1 reachability
 delay down 15 up 60
!
track 2 rtr 2 reachability
 delay down 15 up 60
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface FastEthernet0
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 192.168.5.55 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 ip address 192.168.1.128 255.255.255.0
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet2
 switchport access vlan 500
!
interface FastEthernet3
 switchport access vlan 100
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
 switchport access vlan 100
 switchport mode trunk
!
interface FastEthernet7
 switchport access vlan 200
!
interface FastEthernet8
 switchport access vlan 700
 switchport mode trunk
!
interface FastEthernet9
 switchport access vlan 500
 switchport mode trunk
!
interface Vlan1
 no ip address
!
interface Vlan500
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map www
!
interface Vlan700
 ip address 192.168.0.3 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map www
!
interface Vlan200
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip policy route-map www
!
interface Vlan100
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1 track 1
ip route 0.0.0.0 0.0.0.0 192.168.5.1 10 track 2
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 0.0.0.0 0.0.0.0 192.168.5.1 10
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map isp1 interface FastEthernet0 overload
ip nat inside source route-map isp2 interface FastEthernet1 overload
ip nat inside source static tcp 192.168.0.10 21 202.59.76.178 21 extendable
ip nat inside source static tcp 192.168.0.11 80 202.59.76.178 80 extendable
ip nat inside source static tcp 192.168.0.2 3389 202.59.76.178 3389 extendable
!
access-list 110 permit ip 192.168.0.0 0.0.255.255 any
access-list 110 permit ip any any
access-list 160 permit ip 192.168.2.0 0.0.0.255 any
access-list 160 permit ip 192.168.0.0 0.0.0.255 any
access-list 160 permit ip 192.168.10.0 0.0.0.255 any
access-list 160 permit ip 192.168.5.0 0.0.0.255 any
access-list 160 permit ip any any
no cdp run
!
!
!
route-map isp2 permit 10
 match ip address 110
 match interface FastEthernet1
!
route-map isp1 permit 10
 match ip address 110
 match interface FastEthernet0
!
route-map www permit 10
 match ip address 160
 set ip next-hop verify-availability 192.168.5.1 10 track 2
 set ip default next-hop 192.168.5.1

Open in new window

LVL 4
nasirshAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

educator99Commented:
Your Route-map is setting next hop for all packets matching access-list 160. But if you look closely to that list - it matches ALL packets because of string 125 "access-list 160 permit ip any any". So, all packets from your vlan 500 are routed to interface FastEthernet0.
You need to edit your access-list. Hope you know how to edit it (conf t, ip access-l extended 160, ...) or you will have to delete it and create it again (no access-list 160).
1. remove string  "access-list 160 permit ip any any"
2. add additional commands like "access-list 160 deny ip any 192.168.4.0 0.0.0.255" to beginning of your access-list according to your needs.
so your access-list will look like:
access-list 160 deny ip any 192.168.4.0 0.0.0.255
access-list 160 deny ip any 192.168.2.0 0.0.0.255
access-list 160 deny ip any 192.168.0.0 0.0.0.255
access-list 160 deny ip any 192.168.10.0 0.0.0.255
access-list 160 deny ip any 192.168.5.0 0.0.0.255
access-list 160 deny ip any 192.168.1.0 0.0.0.255
access-list 160 permit ip 192.168.2.0 0.0.0.255 any
access-list 160 permit ip 192.168.0.0 0.0.0.255 any
access-list 160 permit ip 192.168.10.0 0.0.0.255 any
access-list 160 permit ip 192.168.5.0 0.0.0.255 any
or if you do not have any outer networks using adresses from 192.168.0.0/16 beyond 192.168.5.0 and 192.168.1.0 networks  your access-list will look just like this:
access-list 160 deny ip any 192.168.0.0 0.0.255.255
access-list 160 permit ip 192.168.2.0 0.0.0.255 any
access-list 160 permit ip 192.168.0.0 0.0.0.255 any
access-list 160 permit ip 192.168.10.0 0.0.0.255 any
access-list 160 permit ip 192.168.5.0 0.0.0.255 any
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.