Solved

Routing issue

Posted on 2010-08-27
7
417 Views
Last Modified: 2012-05-10
Hi,
I have one core switch catalyst 4506 having following VLAN's
Vlan 10 (GW 172.188.110.254)
Vlan11 (GW 172.188.111.254)
Vlan12 (GW 172.188.112.254)
Vlan13 (GW 172.188.113.254)
One Juniper firewall SSG-140 in which one ADSL connection is configured for the internet purpose (IP is 172.188.110.9)
One Cisco 1700 series router for the leased line (IP is 172.188.110.50) for site A and for the site B the IP is 172.188.100.50.

The routing is  172.188.110.50 --> core switch --> 172.188.110.9. All the users are connected to the core switch directly and having GW 172.188.110.254 and in the core switch we have added default route 0.0.0.0 0.0.0.0 via 172.188.110.9
As of now we have one exchange server in which we have added one windows static route to pass its traffic through .50 ( cisco router), rest all the users are not able to route through .50 since they are going out from juniper.

I want all my users to access the site B network which is 172.188.100.0/24 and for the internet purpose the traffic should go out from Juniper as well.

Please advise.
0
Comment
Question by:tayyabq8
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
7 Comments
 
LVL 9

Expert Comment

by:ffleisma
ID: 33541426
you'd probably need a static route on your core switch pointing towards 172.188.100.0/24. it would go something like this

core(config)#ip route 172.188.100.0 0.0.0.255 nexthop-ip

next hop ip would be the interface on your A router. Off course with this, your A router should know where 172.188.100.0.24 would be. Are you running a dynamic routing protocol between site A and B? or do you wish to accomplish this my static routes only? if you wish to accomplish this using static routes, you would then need to add a static route (or a default route as it only has one exit) on site B router towards router A.

as a side note, i see your using a public ip addressing on your site B, you might encounter some problems on accessing real public ip address with the same range.

I've attached a diagram from what i understand, kindly advise if i got i wrong, clarify then i may discuss further.

hope this helps :-)
diagram.jpg
0
 

Author Comment

by:tayyabq8
ID: 33543350
Hi ffleisma,

Thank you for your reply.

There is one more part which i did not discuss, that the juniper firewall 172.188.110.9 is connected to the site B juniper firewall which is 172.188.100.5 through public IP. Rest all the topology is fine.We are using static routing.

I have following concerns regarding this
1. Why we are adding the wild card mask instead of subnet mask in the IP ROUTE?
2.I have checked by adding the route "ip route 172.188.100.0 255.255.255.0 172.188.110.50" but it did not work. If i will take the tracert from a system connected to VLAN 10, its still going out through juniper i.e. 172.188.110.9.
3. As of now i am able to reach 172.188.100.0 network by adding the windows static route for the VLAN 10 systems which mean the static routes are added to the both side routers.

0
 
LVL 9

Expert Comment

by:ffleisma
ID: 33543441
sorry about that, wrong syntax on my mask,

where did you place the ip route? on router A or at the core (4506), it should be placed at the core, pointing at the ip address of the interface connected to router A, not 172.188.110.50.

then router A should have the ip route 172.188.100.0 255.255.255.0 172.188.110.50. then try tracert. and trace the packet.

does that make sense? give it a try and let me know.

hope it helps :-)
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:tayyabq8
ID: 33543803
yes it makes sense.

The router interface IP is 172.188.110.50, i do not have access to the router, let me check from my vendor and i hope it will work.

i will let you posed the result. Thx

0
 

Author Comment

by:tayyabq8
ID: 33552163
Hi,

What I understand from your posted diagram that you are assuming 172.188.110.50 and 172.188.100.50 are pointing towards each other, that is not the case, 192.168.16.74 (router A) and 192.168.16.70 (router B) are configured by ISP and they are pointing towards each other, 172.188.x.x are our internal IP addresses, apart from this, your posted diagram is perfectly fine, meanwhile I wanted to clarify below point with you:

where did you place the ip route? on router A or at the core (4506), it should be placed at the core, pointing at the ip address of the interface connected to router A, not 172.188.110.50

I placed the route at core (4506) using command core(config)#ip route 172.188.100.0 255.255.255.0 172.188.110.50

but still I'm not able to ping 172.188.110.50 from other vlans, is there something wrong? 172.188.110.50 is connected with my network (172.188.110.x) because I'm able to access it from 172.188.110.x network but not from other vlans. Please advise.

PS: Sorry I couldn't get password for Router A and Router B from ISP, so can't share more information on that.
0
 
LVL 2

Accepted Solution

by:
keakathleen earned 500 total points
ID: 33591690
If you do not have access to the routers, then I am not sure that you will be able to route the traffic unless your ISP agrees to do so. Router B needs to have an interface in vlan 172.188.110.x and Router A needs to know how to forward this traffic through an IP route to Router B. Since it's a private vlan, your ISP may or may not agree to do this.
0
 

Author Closing Comment

by:tayyabq8
ID: 33767193
ISP took care of the routing between remote sites.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question