troubleshooting Question

Cisco - communication between VLANs (again)

geothessgr asked on
Routers
It seems that I still have the same problem... For some reason I still can't establish a connection between the VLANs on my Cisco. As an example, a device in the 192.168.254.0 subnet cannot ping or open a connection to another device in the 192.168.200.0 subnet.

Please, I need help.
Here is the config I use...

! Global settings, DHCP pools, CBAC inspection rules and the local account for router "geo".
! Credentials in this listing were replaced with quoted placeholders by the poster.
hostname geo
!
boot-start-marker
boot-end-marker
!
! "enable secret" stores the privileged-mode password as a hash rather than in clear text.
enable secret "secret"
!
! AAA is disabled, so logins rely on the local username database ("login local" on the lines below).
no aaa new-model
!
resource policy
!
clock timezone Greece 3
! Hardening: packets carrying IP source-route options are discarded.
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
! Addresses .1-.100 in each subnet are kept out of the DHCP pools.
ip dhcp excluded-address 192.168.254.1 192.168.254.100
ip dhcp excluded-address 192.168.200.1 192.168.200.100
!
! Pool for VLAN 1; the default-router matches the Vlan1 interface address (192.168.254.254).
ip dhcp pool VLAN1
   import all
   network 192.168.254.0 255.255.255.0
   default-router 192.168.254.254
   dns-server 62.169.194.17 62.169.194.18
   lease 4
!
! Pool for VLAN 200; the default-router matches the Vlan200 interface address (192.168.200.1).
ip dhcp pool Vlan200
   import all
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 62.169.194.17 62.169.194.18
   lease 4
!
!
ip telnet source-interface Vlan1
no ip bootp server
no ip domain lookup
! CBAC rule set "myfw"; it is applied outbound on Dialer1 ("ip inspect myfw out"), so return
! traffic for inspected sessions is let back in through access-list 101.
! NOTE(review): the set has no icmp entry and access-list 101 ends with "deny icmp any any",
! so ICMP replies to traffic sent out through Dialer1 are not admitted - confirm this is intended.
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 60
ip inspect name myfw tcp timeout 3600
ip inspect name myfw h323 timeout 3600
ip inspect name myfw esmtp
vpdn enable
!
! Empty VPDN group: no protocol or dial settings are defined under it in this listing.
vpdn-group 1
!
!
!
!
! Local level-15 account. The "password" form keeps the value in clear text (or reversible
! type 7 when "service password-encryption" is on); the "secret" form stores a hash instead.
! NOTE(review): no "service password-encryption" line appears in the post - the listing may be trimmed.
username geo privilege 15 password "password"
! Configuration-change logging; "hidekeys" keeps passwords out of the logged commands.
archive
 log config
  hidekeys
!
!
!
!
!
!
! Interface section: loopback, ADSL (ATM0 + Dialer1), switch ports and the two VLAN gateways.
interface Loopback0
 description required for eigrp through tunnels
 ip address 192.168.5.1 255.255.255.0
!
! Physical ADSL interface; PVC 8/35 carries PPP and is bound to dialer pool 1 (Dialer1).
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache cef
 ip route-cache flow
 no ip mroute-cache
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
 dsl operating-mode auto
!
! The only port explicitly placed in VLAN 200; CDP is disabled on it.
interface FastEthernet0
 switchport access vlan 200
 no cdp enable
 spanning-tree portfast
!
! FastEthernet1-3 carry no switchport commands here, so they presumably stay in the default VLAN 1.
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
! Gateway for 192.168.254.0/24. No access-group is applied, so traffic from VLAN 1 is not filtered here.
interface Vlan1
 description LAN network
 ip address 192.168.254.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 no ip mroute-cache
 hold-queue 100 out
!
! Gateway for 192.168.200.0/24. Access-list 103 is applied inbound, i.e. to every packet a
! VLAN 200 host sends to or through the router - including replies to sessions started from VLAN 1.
interface Vlan200
 ip address 192.168.200.1 255.255.255.0
 ip access-group 103 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
 no ip mroute-cache
 hold-queue 100 out
!
! Internet-facing PPP interface: access-list 101 filters inbound traffic and CBAC rule set
! "myfw" inspects outbound sessions. The address is negotiated with the provider.
! PAP sends the username and password to the peer unencrypted; CHAP avoids that where the
! provider supports it. The credentials shown are placeholders inserted by the poster.
interface Dialer1
 description ADSL Dialer
 bandwidth 128
 ip address negotiated
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 no ip mroute-cache
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username "username" password "password"
 ppp ipcp dns request
 max-reserved-bandwidth 100
!
! Default route, NAT and the access lists. ACL entries are evaluated top-down, first match wins.
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
! The built-in HTTP and HTTPS management servers are both disabled.
no ip http server
no ip http secure-server
! PAT (overload) on Dialer1 for sources matched by route-map in2out (access-list 102).
ip nat inside source route-map in2out interface Dialer1 overload
! Static port forward: TCP 1723 (PPTP control) on the WAN address -> 192.168.254.50.
! Together with "permit gre any any" and "permit tcp any any eq 1723" in access-list 101 this
! exposes that host's PPTP service to any Internet source.
ip nat inside source static tcp 192.168.254.50 1723 interface Dialer1 1723
!
logging source-interface Vlan1
! Access-list 1 is the vty access-class: management logins only from 192.168.254.0/24.
access-list 1 remark inside Vlan1
access-list 1 permit 192.168.254.0 0.0.0.255
! Access-list 101: inbound filter on Dialer1.
! NOTE(review): the permit entries come before the anti-spoofing denies, so a packet with a
! spoofed private or reserved source address still matches them (ident, gre, 1723, 11111,
! 22222) and is accepted. Placing the anti-spoof block first would close that gap.
access-list 101 remark -----permitions list
access-list 101 permit tcp any any eq ident
access-list 101 permit gre any any
access-list 101 permit tcp any any eq 1723
access-list 101 remark ----- e-mule ------
access-list 101 permit tcp any any eq 11111
access-list 101 permit udp any any eq 22222
access-list 101 remark -----IPSEC rule
access-list 101 remark -----nasa atomic clock permition
access-list 101 permit udp host 198.123.30.132 any eq ntp
access-list 101 remark -----antispoof list
access-list 101 deny   ip host 255.255.255.255 any log
access-list 101 deny   ip host 127.0.0.1 any log
access-list 101 remark ---------- special use address
access-list 101 deny   ip host 0.0.0.0 any log
access-list 101 deny   ip 0.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 169.254.0.0 0.0.255.255 any log
access-list 101 deny   ip 192.0.2.0 0.0.0.255 any log
! Wildcard 31.255.255.255 already covers 224.0.0.0-255.255.255.255, so the three entries
! after this one can never match (redundant, harmless).
access-list 101 deny   ip 224.0.0.0 31.255.255.255 any log
access-list 101 deny   ip 224.0.0.0 15.255.255.255 any log
access-list 101 deny   ip 240.0.0.0 7.255.255.255 any log
access-list 101 deny   ip 248.0.0.0 7.255.255.255 any log
access-list 101 remark ---------- RFC 1918 space
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any log
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any log
access-list 101 remark ---------- My space
access-list 101 remark -----logged deny list
access-list 101 deny   tcp any any eq 12345 log
access-list 101 deny   tcp any any eq 31337 log
access-list 101 deny   tcp any any eq 31773 log
access-list 101 deny   tcp any any eq telnet log
access-list 101 deny   tcp any any eq ftp log
! The remaining denies carry no "log" keyword, so those drops are counted but not logged.
! All inbound ICMP is dropped here, including error messages such as fragmentation-needed.
access-list 101 deny   tcp any any eq 139
access-list 101 deny   icmp any any
access-list 101 deny   udp any any
access-list 101 deny   tcp any any
! Access-list 102: sources eligible for NAT (both LAN subnets), referenced by route-map in2out.
access-list 102 remark Inside2Outside routemap
access-list 102 permit ip 192.168.254.0 0.0.0.255 any
access-list 102 permit ip 192.168.200.0 0.0.0.255 any
! Access-list 103: applied inbound on Vlan200 (traffic sent by VLAN 200 hosts).
!  1. "established" passes TCP segments with ACK or RST set. It checks flags only, not
!     session state, so it is weaker than stateful inspection.
!  2. bootps lets DHCP requests reach the router.
!  3. Everything else from 192.168.200.0/24 to 192.168.254.0/24 is dropped, without logging.
!     That includes ICMP echo replies and UDP answers to traffic started from VLAN 1, which is
!     consistent with the reported failure of pings from 192.168.254.x to 192.168.200.x.
!  4. Any other destination is allowed.
! NOTE(review): if one-way isolation of VLAN 1 is intended, return traffic for non-TCP
! sessions needs an explicit permit above the deny (for example an icmp echo-reply entry);
! adding "log" to the deny would show what it is dropping.
access-list 103 remark -------------- vlan200 permitions --------------
access-list 103 permit tcp any any established
access-list 103 permit udp any any eq bootps
access-list 103 deny   ip 192.168.200.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 103 permit ip 192.168.200.0 0.0.0.255 any
! All IP traffic counts as interesting traffic for dialer-group 1.
dialer-list 1 protocol ip permit
!
!
!
! Route-map used by the NAT overload statement; it matches access-list 102.
route-map in2out permit 1
 match ip address 102
!
!
! Management access: console, aux and vty lines.
control-plane
!
!
! Console: local username login, idle sessions close after 120 minutes.
line con 0
 exec-timeout 120 0
 login local
 no modem enable
 transport output telnet
 stopbits 1
line aux 0
 transport output all
! Remote management lines.
!  - access-class 1 limits source addresses to 192.168.254.0/24 (access-list 1).
!  - "privilege level 15" starts every vty session in privileged mode.
!  - Telnet is accepted alongside SSH; Telnet carries the username and password in clear text.
! NOTE(review): "transport input ssh" alone would remove the clear-text path; whether SSH is
! actually enabled (host key, domain name) cannot be seen from this listing - confirm first.
!  - "length 0" turns off output paging.
line vty 0 4
 access-class 1 in
 exec-timeout 120 0
 privilege level 15
 login local
 length 0
 transport input telnet ssh
 transport output all
!
scheduler max-task-time 5000
end