Solved

Cisco 3750... two vlans two seperate gateways

Posted on 2014-09-10
9
199 Views
Last Modified: 2014-12-19
I apologize if this question is stupid. I'm building experience.

So at our colo we have a cisco 3750. We have multiple windows servers in two different vlans each with a gateway on the switch.
Servers in vlan 17 have the gateway of 172.17.17.5 (my switch)
Servers in vlan 16 have the gateway of 172.17.16.5 (my switch)

we have a managed firewall service at the colo. They give us two zones. Each zone has it's own gateway on the managed service firewall.

172.17.17.5 (the switch) next hop is 172.17.17.1 (managed service firewall zone 1)
172.17.16.5 (the switch) next hop is 172.17.16.1 (managed service firewall zone 2)

Currently, all windows servers in .17 can access the internet and ping 172.17.17.1 (manged services zone 1).
Nothing in .16 can access the internet nor can they ping 172.17.16.1.

From my switch I can ping both 172.17.17.1 and 172.17.16.1.
The all zeros route is 0.0.0.0 0.0.0.0 172.17.17.1 10

I'm a little new to this, how can I get the 172.17.16.x servers to get to their next hop of 172.17.16.1?

Thanks,
0
Comment
Question by:mauisun
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 1

Author Comment

by:mauisun
ID: 40315719
... and the windows hosts are vmware vm's on the same hosts. vlan 16 on one NIC and vlan 17 on another NIC.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315746
do you have 2 connections to the firewall service? if so, change the default route to be .1
if not, you'll need to do policy based routing. this should help get you started.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315747
I have two connections from the firewall.
0
Is your NGFW recommended by NSS Labs?

Ours is! NSS Labs Next Generation Firewall Test gives the WatchGuard Firebox M4600 a "Recommended" rating! Curious where your NGFW landed on the  Security Value Map? See the map and download the full report today!

 
LVL 4

Expert Comment

by:rlarian
ID: 40315755
is there a reason that you have the gateway set as your switch? if you change the default gateway for the servers to .1, that should solve your issue.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40315759
If I change the gateway to .1, I can see the internet but I lose connection internal, meaning from my desk at HQ I can't see the servers anymore.
0
 
LVL 4

Expert Comment

by:rlarian
ID: 40315764
how are you connected to the servers? if the switch is acting as a router for other networks (your desk) add a static route for your network pointing to the .5 address.
0
 
LVL 1

Author Comment

by:mauisun
ID: 40317806
I connect from my desk to our switch stack -->EPL-->Colocation Switch
The switch is the gateway for the network there.
I just got off the phone with the engineers at the colo, they said add a route to the switch that tells the switch to forward all zeros traffic from 172.17.16.x hosts to 172.17.16.1. How to do that?
0
 
LVL 4

Accepted Solution

by:
rlarian earned 500 total points
ID: 40318217
you're getting in to policy based routing to do that.
if you add a route for your network (10.10.10.0 or what ever it is)  to point to 172.17.16.5 and change the gateway back to .1 - this should solve both internet access for servers and your access to the servers.
0
 
LVL 1

Author Closing Comment

by:mauisun
ID: 40509637
Good solution. I used this guidance to split my network physically.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question