asked on VLANs & VPN
We have a client site with CISCO 3750 & 3560 switches installed. Data network is on VLAN1, Voice VLAN on VLAN10. We have configured SonicWall 2040 Firewall with X0 interface for VLAN1, and created sub interface for VLAN10 (both on different subnets).
Some Switch ports were assigned to Voice LAN devices (3CX VoIP Server, Patton Gateway,..) with this configuration on CISCO 3750
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
However, other ports have this configuration on CISCO 3560
interface GigabitEthernet0/22
switchport mode access
switchport voice vlan 10
spanning-tree portfast
We are connecting IP Phones (configured as VLAN10) to any of these ports then connected from the built in switch to PCs.
The gateway for both VLANs is the SonicWall 2040
PCs on VLAN1 can access VoIP Server, and VoIP Server can access Internet through Gateway.
We have multiple remote sites connected by site to site VPN to the SonicWall in HO.
From VLAN1 PCs we can access PCs & Servers on any of these remote sites, but from VoIP Server on VLAN10 we are unable to access PCs in remote sites VPN.
We have checked the firewall and there was a default rule to allow traffic from All LAN Subnets to VPNs, and also we created one to allow traffic from Voice VLAN subnet to VPN subnet but still cannot connect.
Any thing missing??
Some Switch ports were assigned to Voice LAN devices (3CX VoIP Server, Patton Gateway,..) with this configuration on CISCO 3750
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
However, other ports have this configuration on CISCO 3560
interface GigabitEthernet0/22
switchport mode access
switchport voice vlan 10
spanning-tree portfast
We are connecting IP Phones (configured as VLAN10) to any of these ports then connected from the built in switch to PCs.
The gateway for both VLANs is the SonicWall 2040
PCs on VLAN1 can access VoIP Server, and VoIP Server can access Internet through Gateway.
We have multiple remote sites connected by site to site VPN to the SonicWall in HO.
From VLAN1 PCs we can access PCs & Servers on any of these remote sites, but from VoIP Server on VLAN10 we are unable to access PCs in remote sites VPN.
We have checked the firewall and there was a default rule to allow traffic from All LAN Subnets to VPNs, and also we created one to allow traffic from Voice VLAN subnet to VPN subnet but still cannot connect.
Any thing missing??
VPN
Last Comment
cscdubai
ASKER
Thanks RustyZ32
Yes, command ip routing is found in one of the two CISCO 3750 Core Switches only
The Gateway for the Voice Server currently is SonicWall VLAn10 IP not the CISCO VLAN10 IP, should I change it?
Will try the ping and post results..
Yes, command ip routing is found in one of the two CISCO 3750 Core Switches only
The Gateway for the Voice Server currently is SonicWall VLAn10 IP not the CISCO VLAN10 IP, should I change it?
Will try the ping and post results..
why arent the two 3750 switches stacked?
In the meantime is hte link between the two trunked?
the two ports that are connected should have:
switchport mode trunk
switchport trunk encapusaltion dot1q
also do the remote site gateways have routing statements for the voice vlan?
In the meantime is hte link between the two trunked?
the two ports that are connected should have:
switchport mode trunk
switchport trunk encapusaltion dot1q
also do the remote site gateways have routing statements for the voice vlan?
ASKER
Hi RustyZ32,
The two CISCO 3750 are connected port 24 A to Port 24B
Attached is the configuration for Core A switch
We have 3 x 3560 switches connected to ports 13,14 & 15
The two CISCO 3750 are connected port 24 A to Port 24B
Attached is the configuration for Core A switch
We have 3 x 3560 switches connected to ports 13,14 & 15
3750CORE_A#sh run
Building configuration...
Current configuration : 2948 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 3750CORE_A
!
!
username admin privilege 15 password 7
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascendi
!
interface GigabitEthernet1/0/1
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
no shutdown
!
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
switchport access vlan 20
!
interface GigabitEthernet1/0/18
switchport access vlan 20
!
interface GigabitEthernet1/0/19
switchport access vlan 20
!
interface GigabitEthernet1/0/20
switchport access vlan 20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 192.168.146.212 255.255.255.0
standby 2 ip 192.168.146.211
standby 2 timers 5 15
standby 2 preempt
!
interface Vlan10
ip address 192.168.156.212 255.255.255.0
standby 3 ip 192.168.156.211
standby 3 timers 5 15
standby 3 preempt
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.146.150
ip http server
!
!
control-plane
!
!
line con 0
password 7 070E25414707
line vty 0 4
password 7 14161606050A
login
length 0
line vty 5 15
login
!
end
yes, definetly try changing the voice server's gateways to 192.168.156.212.
and make sure the sonicwall's have the right VPN settings to allow access to the 192.168.156.0 network. I havent worked on a sonicwall in several years and really cant help there.
and make sure the sonicwall's have the right VPN settings to allow access to the 192.168.156.0 network. I havent worked on a sonicwall in several years and really cant help there.
What are the address objects for the VPN on the sonicwall? It sounds like you're missing the voip VLAN?
ASKER
We have the remote VPN sites on 192.168.20.0, 192.168.30.0 and so on .. All accessing the VLAN1 (and vice versa) but not the VLAN10
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
if it is enabled try using the VLAN 10 ip address as the gateway for the VOICE servers.
also try pinging the remote PC's from the 3750, and try a trace and see where it fails (from 3750 command prompt: trace remoteip)