Solved

HP Procurve 2910 VLAN routing to Cisco ASA Issue

Posted on 2013-01-03
Last Modified: 2013-01-04
I have a Cisco ASA 5510 as my firewall. The ASA is connected to an HP Procurve 2910. I have a couple of VLANs configured on the Procurve. Only the VLAN with the connection to the ASA (VLAN 10) can access the internet.

How do I create a route for the other VLANs to the internet?  My Procurve config is listed below:

hostname "ProCurve 2910al-48G Switch"
module 1 type J9147A
ip routing
vlan 1
   name "DEFAULT_VLAN"
   untagged 21-48
   ip address dhcp-bootp
   no untagged 1-20
   exit
vlan 10
   untagged 1-10
   ip address 10.117.7.1 255.255.255.0
   exit
vlan 20
   untagged 11-20
   ip address 10.117.5.1 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 10.117.7.254
snmp-server community "public" unrestricted
password manager

show ip route:
 IP Route Entries

  Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
  ------------------ --------------- ---- --------- ---------- ---------- -----
  0.0.0.0/0          10.117.7.254    10   static               1          1    
  10.117.5.0/24      Clients         20   connected            1          0    
  10.117.7.0/24      Servers         10   connected            1          0    
  127.0.0.0/8        reject               static               0          0    
  127.0.0.1/32       lo0                  connected            1          0    



Thanks for your help!
Question by:jmichael18

Assisted Solution

by:Leeeee
Leeeee earned 100 total points
ID: 38742089
Users in VLAN 20 will use the default route (ip route 0.0.0.0 0.0.0.0 ASA) to get to the internet; you won't need to configure another route on the Procurve.

Do you have static routes on the ASA pointing back to the other networks on the Procurve?

I assume NAT is configured correctly for the 10.117.5.0/24 network on the ASA?

Please post config of the ASA if the above doesn't resolve your issue.

Expert Comment

by:jburgaard
ID: 38742133
As Leeeee pointed out, on the 10.117.7.254 you need
ip route 10.117.5.0/24 via gateway 10.117.7.1

Also, all hosts should have the IP of their VLAN as default gateway (like 10.117.5.1 in VLAN 20).

Accepted Solution

by:
Istvan Kalmar earned 400 total points
ID: 38742204
Hi,

You need on the ASA:

nat (inside) 1 10.117.5.0 255.255.255.0
route inside 10.117.5.0 255.255.255.0 10.117.7.1
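
The check the answers above walk through (a NAT rule and a return route on the ASA for every routed VLAN subnet, with the next hop on the ASA's own inside network), as an added example that is not from any of the posters. The function names, the ASA inside address 10.117.7.254/24 and the existing NAT rule for 10.117.7.0/24 are assumptions; the config strings are constructed from the thread.

```python
import ipaddress
import re

# Constructed sample inputs modelled on the thread (not real device output).
SWITCH_CFG = """\
vlan 10
   ip address 10.117.7.1 255.255.255.0
vlan 20
   ip address 10.117.5.1 255.255.255.0
"""
ASA_INSIDE = "10.117.7.254/24"  # assumed ASA inside interface address
ASA_CFG_BEFORE = "nat (inside) 1 10.117.7.0 255.255.255.0\n"  # assumed
ASA_CFG_AFTER = ASA_CFG_BEFORE + (
    "nat (inside) 1 10.117.5.0 255.255.255.0\n"
    "route inside 10.117.5.0 255.255.255.0 10.117.7.1\n"
)

def nets(pattern, text):
    """Return (network, third-field-or-None) for each line matching pattern."""
    out = []
    for m in re.finditer(pattern, text, re.M):
        net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        out.append((net, m.group(3) if m.lastindex >= 3 else None))
    return out

def audit(switch_cfg, asa_cfg, asa_inside=ASA_INSIDE):
    """List what the ASA lacks for each routed VLAN subnet on the switch."""
    inside = ipaddress.ip_interface(asa_inside).network
    # "ip address dhcp-bootp" has no mask field, so it is skipped here.
    vlans = [n for n, _ in nets(r"^\s*ip address (\S+) (\S+)$", switch_cfg)]
    nat = [n for n, _ in nets(r"^nat \(inside\) \d+ (\S+) (\S+)$", asa_cfg)]
    routes = nets(r"^route inside (\S+) (\S+) (\S+)$", asa_cfg)
    findings = []
    for subnet in vlans:
        if not any(subnet.subnet_of(n) for n in nat):
            findings.append(f"{subnet}: no nat (inside) rule")
        if subnet == inside:
            continue  # directly connected to the ASA, no return route needed
        hops = [ipaddress.ip_address(h) for n, h in routes if subnet.subnet_of(n)]
        if not hops:
            findings.append(f"{subnet}: no return route on ASA")
        elif not any(h in inside for h in hops):
            # A next hop the ASA cannot reach directly is unusable.
            findings.append(f"{subnet}: next hop not on {inside}")
    return findings

if __name__ == "__main__":
    print(audit(SWITCH_CFG, ASA_CFG_BEFORE))
    print(audit(SWITCH_CFG, ASA_CFG_AFTER))
```
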

Expert Comment

by:Leeeee
ID: 38742219
Cool Hijacks