techspeciali
asked on
Routers ports, differents lan, can''t communicate
Hi,
I have a router witch layer 3 ports.
I want to that two of my ports (different lan) communicate together.
I already created access-list just to test with ''any '' as a inbound and outbound on my two interfaces, and nothing happened.
I can ping from port A, port B, but i can't ping what's is plug into those ports.
Any suggestions?
I have a router witch layer 3 ports.
I want to that two of my ports (different lan) communicate together.
I already created access-list just to test with ''any '' as a inbound and outbound on my two interfaces, and nothing happened.
I can ping from port A, port B, but i can't ping what's is plug into those ports.
Any suggestions?
Soulja
Lol. Can you post the configs?
ASKER
sername ----- privilege 15 password 0 ------
!
!
archive
log config
hidekeys
!
vlan internal allocation policy ascending
!
!
!
!
!
interface GigabitEthernet0/0
description ***************
ip address 10.X.0.101 255.255.255.0
ip access-group any in
ip access-group any out
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description ***************
ip address 10.X.192.10 255.255.255.0
ip access-group any in
ip access-group any out
duplex auto
speed auto
media-type rj45
!
interface FastEthernet1/0
no switchport
no ip address
shutdown
!
interface FastEthernet1/1
switchport trunk native vlan 168
shutdown
!
interface FastEthernet1/2
switchport trunk native vlan 93
shutdown
!
interface FastEthernet1/3
shutdown
!
interface FastEthernet1/4
shutdown
!
interface FastEthernet1/5
shutdown
!
interface FastEthernet1/6
shutdown
!
interface FastEthernet1/7
shutdown
!
interface FastEthernet1/8
shutdown
!
interface FastEthernet1/9
shutdown
!
interface FastEthernet1/10
shutdown
!
interface FastEthernet1/11
shutdown
!
interface FastEthernet1/12
shutdown
!
interface FastEthernet1/13
shutdown
!
interface FastEthernet1/14
shutdown
!
interface FastEthernet1/15
switchport access vlan 20
!
interface GigabitEthernet1/0
description TO BLADECENTER
switchport mode trunk
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.20.20.1 255.255.255.252
!
ip forward-protocol nd
ip route 10.X.192.0 255.255.255.0 GigabitEthernet0/1 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended Blade_to_VEQ
remark SDM_ACL Category=1
remark ActiveDirectory1_VEQ
permit ip host 10.X.0.10 10.93.192.0 0.0.0.255
remark ActiveDirectory2_VEQ
permit ip host 10.X.0.11 10.93.192.0 0.0.0.255
remark ConceptSVR_VEQ
permit ip host 10.22.0.14 10.93.192.0 0.0.0.255
remark loopback
permit ip 10.X.0.0 0.0.0.255 10.22.0.0 0.0.0.255
ip access-list extended ConceptWireless
remark SDM_ACL Category=1
remark ToSVR_Frontiere
permit ip 10.X.Y.0 0.0.0.255 10.22.0.0 0.0.255.255
remark loopback
permit ip 10.X.Y.0 0.0.0.255 10.93.192.0 0.0.0.255
ip access-list extended Out_to_ASA_G01
remark SDM_ACL Category=1
permit ip host 10.x.0.14 10.x.192.0 0.0.0.255
permit ip host 10.22.0.10 10.x.192.0 0.0.0.255
ip access-list extended any
remark SDM_ACL Category=1
permit ip any any
ip access-list extended test
remark SDM_ACL Category=1
permit ip 10.X.192.0 0.0.0.255 host 10.22.0.14
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
AS you can see, i need that interface GigabitEthernet0/0 to communicate with interface GigabitEthernet0/1
From a PC connected in interface GigabitEthernet0/0 I can ping GigabitEthernet0/1, but i can't ping the ASA that is connected in interface GigabitEthernet0/1.
Thx
!
!
archive
log config
hidekeys
!
vlan internal allocation policy ascending
!
!
!
!
!
interface GigabitEthernet0/0
description ***************
ip address 10.X.0.101 255.255.255.0
ip access-group any in
ip access-group any out
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description ***************
ip address 10.X.192.10 255.255.255.0
ip access-group any in
ip access-group any out
duplex auto
speed auto
media-type rj45
!
interface FastEthernet1/0
no switchport
no ip address
shutdown
!
interface FastEthernet1/1
switchport trunk native vlan 168
shutdown
!
interface FastEthernet1/2
switchport trunk native vlan 93
shutdown
!
interface FastEthernet1/3
shutdown
!
interface FastEthernet1/4
shutdown
!
interface FastEthernet1/5
shutdown
!
interface FastEthernet1/6
shutdown
!
interface FastEthernet1/7
shutdown
!
interface FastEthernet1/8
shutdown
!
interface FastEthernet1/9
shutdown
!
interface FastEthernet1/10
shutdown
!
interface FastEthernet1/11
shutdown
!
interface FastEthernet1/12
shutdown
!
interface FastEthernet1/13
shutdown
!
interface FastEthernet1/14
shutdown
!
interface FastEthernet1/15
switchport access vlan 20
!
interface GigabitEthernet1/0
description TO BLADECENTER
switchport mode trunk
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 10.20.20.1 255.255.255.252
!
ip forward-protocol nd
ip route 10.X.192.0 255.255.255.0 GigabitEthernet0/1 permanent
!
!
ip http server
ip http authentication local
ip http secure-server
!
ip access-list extended Blade_to_VEQ
remark SDM_ACL Category=1
remark ActiveDirectory1_VEQ
permit ip host 10.X.0.10 10.93.192.0 0.0.0.255
remark ActiveDirectory2_VEQ
permit ip host 10.X.0.11 10.93.192.0 0.0.0.255
remark ConceptSVR_VEQ
permit ip host 10.22.0.14 10.93.192.0 0.0.0.255
remark loopback
permit ip 10.X.0.0 0.0.0.255 10.22.0.0 0.0.0.255
ip access-list extended ConceptWireless
remark SDM_ACL Category=1
remark ToSVR_Frontiere
permit ip 10.X.Y.0 0.0.0.255 10.22.0.0 0.0.255.255
remark loopback
permit ip 10.X.Y.0 0.0.0.255 10.93.192.0 0.0.0.255
ip access-list extended Out_to_ASA_G01
remark SDM_ACL Category=1
permit ip host 10.x.0.14 10.x.192.0 0.0.0.255
permit ip host 10.22.0.10 10.x.192.0 0.0.0.255
ip access-list extended any
remark SDM_ACL Category=1
permit ip any any
ip access-list extended test
remark SDM_ACL Category=1
permit ip 10.X.192.0 0.0.0.255 host 10.22.0.14
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
AS you can see, i need that interface GigabitEthernet0/0 to communicate with interface GigabitEthernet0/1
From a PC connected in interface GigabitEthernet0/0 I can ping GigabitEthernet0/1, but i can't ping the ASA that is connected in interface GigabitEthernet0/1.
Thx
Do you have the gateway on the PC and the ASA configured to the respective port that are connected to?
ASKER
Yes...on my pc, my gateway is GigabitEthernet0/0 ,
but on my asa, i have no gateway...
but on my asa, i have no gateway...
ASKER
I just put a pc to replace the ASA (connected directly to GigabitEthernet0/1) and I was able to ping my two differents Lan's. That's mean that the problem is on the ASA.
Therefore I have to have a gateway on my ASA configured to my respective port.?
If yes, how can I configure it on my ASA?
Thx again
Therefore I have to have a gateway on my ASA configured to my respective port.?
If yes, how can I configure it on my ASA?
Thx again
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.