Routing between VLANs - Cisco Router

Experts,

I have a Cisco UC5xx device which is an all-in-one box that does switching, firewall and VOIP.
My device has 8 switchports built in.  This box comes default with vlan 1 (data-192.168.10.x) and vlan 100 (voice-10.1.1.x).

There is a host on a separate (not part of UC5xx) network that the users behind this network needs access to.  I created a vlan 200 and assigned an ip of 10.0.0.254.  I then assigned a port to access vlan of 200.  I plugged this port to the separate network and my UC5xx can now ping that outside host (10.0.0.15).

The problem I'm having is with the hosts behind the UC5xx on the data vlan pinging this outside host on vlan 200.  

Please assist.

LVL 4
Pro4iaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pro4iaAuthor Commented:
i tried to attach a relevant config here.. let me know if you're missing something
ip nat inside source route-map SDM_RMAP_1 interface FastEthernet0/0 overload

interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
 !
!
interface Vlan100
 no ip address
 bridge-group 100
 bridge-group 100 spanning-disabled
 !
!
interface Vlan200
 no ip address
 bridge-group 200
 !
!
interface BVI1
 description $FW_INSIDE$
 ip address 192.168.10.1 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip inspect SDM_LOW in
 ip virtual-reassembly
 !
!
interface BVI
100
 description $FW_INSIDE$
 ip address 10.1.1.1 255.255.255.0
 ip access-group 102 in
 ip nat inside
 ip inspect SDM_LOW in
 ip virtual-reassembly
 !
!
interface BVI200
 description VLAN for MFP$FW_DMZ$
 ip address 10.0.0.254 255.255.255.0
 ip access-group 103 in
 ip inspect dmzinspect out
 !
!
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_7##
access-list 101 remark SDM_ACL Category=1
access-list 101 deny   ip 10.1.10.0 0.0.0.3 any
access-list 101 deny   ip 10.0.0.0 0.0.0.255 any
access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
access-list 101 deny   ip 98.113.167.0 0.0.0.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_9##
access-list 102 remark SDM_ACL Category=1
access-list 102 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 102 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.0.0.0 0.0.0.255 any
access-list 102 deny   ip 192.168.10.0 0.0.0.255 any
access-list 102 deny   ip 98.113.167.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 permit ip host 10.0.0.15 any
access-list 104 permit ip 10.1.10.0 0.0.0.3 any
access-list 104 permit ip 192.168.10.0 0.0.0.255 any
access-list 104 permit ip 10.1.1.0 0.0.0.255 any
access-list 104 permit ip 57.57.57.0 0.0.0.255 any
access-list 104 permit ip 56.56.56.0 0.0.0.255 any
access-list 104 permit ip 55.55.55.0 0.0.0.255 any
access-list 104 permit ip 192.168.50.0 0.0.0.255 any

route-map SDM_RMAP_1 permit 1
 match ip address 104
!

bridge 1 route ip
bridge 100 route ip
bridge 200 protocol ieee
bridge 200 route ip

Open in new window

0
Istvan KalmarHead of IT Security Division Commented:
Please show the whole config
0
OzNetNerdCommented:
Please paste the entire running config.

Thanks.
0
Big Business Goals? Which KPIs Will Help You

The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

Jody LemoineNetwork ArchitectCommented:
As the previous experts have already indicated, a full configuration would be more useful for troubleshooting.

That said, there are a few things I would look at based on the symptoms you're describing.  First, is the host at 10.0.0.15 using 10.0.0.254 as its default gateway?  If not, does it have routes in place for the networks it needs to reach on the UC5xx?  If not, does the device that it *is* using for a default gateway have routes in place for the networks on the UC5xx?  If the answer is "no" to all of these, then the host doesn't know how to reach your 192.168.10.0 and 10.1.1.0 networks and the connections fail.

In scenarios like this, routing is usually the first place to look.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Pro4iaAuthor Commented:
i'll try to get the whole config as I'm not on site today.. but as jodylemoine mentioned, i'm working to add a static route to the gateway of 10.0.0.x network.. it's not 10.0.0.254 for sure so i'll need to tell it to goto 10.0.0.254 to get to the 192.168.10.x network.
0
Pro4iaAuthor Commented:
with the added routes on the other firewall, everything is working as it should. thanks.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Routers

From novice to tech pro — start learning today.