CHI-LTD
asked on
site to site VPN issues with vlans...
Okay, so we are having trouble routing traffic between two of our VLANs across our site VPN.
Overview:
Both sites have a Cisco ASA 5505.
Both sites have an HP switch 2910 / 2920 PoE with vlan1 for data and a vlan20 for voice.
We are able to route across each vlan locally and across the VPN, apart from vlans 20 to 20.
The switch configs are virtually the same, working as an L3 switch and sending all traffic to the firewall.
Our managed firewall company are saying they can ping each vlan20 from the firewall and are pointing the finger at the switches. I'm not so sure.
Here are the 2 site switch configs:
Running configuration:
; J9148A Configuration Editor; Created on release #W.15.08.0012
; Ver #02:11.05:16
hostname "HP-E2910al-48G-PoE"
module 1 type j9148a
mirror-port 5
power-over-ethernet pre-std-detect
qos type-of-service diff-services
timesync sntp
sntp unicast
sntp server priority 1 87.124.126.49
sntp server priority 2 178.79.165.21
time timezone 60
ip authorized-managers 172.19.0.0 255.255.0.0 access manager
ip authorized-managers 172.16.0.0 255.255.0.0 access manager
ip authorized-managers 10.255.255.0 255.255.255.128 access manager
ip authorized-managers 192.168.2.0 255.255.255.0 access manager
ip authorized-managers 192.168.3.0 255.255.255.0 access manager
ip authorized-managers 10.255.254.0 255.255.255.128 access manager
ip authorized-managers 192.168.100.0 255.255.255.0 access manager
ip authorized-managers 192.168.200.0 255.255.255.0 access manager
ip default-gateway 172.19.10.15
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 172.19.10.15
ip routing
interface 1
name "to HP1910 (top)"
no power-over-ethernet
exit
interface 2
name "tp HP1910 (bottom)"
no power-over-ethernet
exit
interface 3
name "to ASA 5505 fe01"
no power-over-ethernet
exit
interface 4
name "Cisco_AP_172.19.3.20"
exit
interface 5
no power-over-ethernet
exit
interface 6
no power-over-ethernet
exit
interface 7
name "Shoretel E1k"
speed-duplex 100-full
exit
interface 8
name "Shoretel SG90"
speed-duplex 100-full
exit
interface 9
name "Shoretel SG90Bri"
speed-duplex 100-full
exit
interface 10
name "chi-Oaisys"
exit
interface 11
name "Shoretel HQ"
exit
interface 12
name "Ingate"
exit
interface 19
name "Test Phone"
exit
interface 21
name ""
exit
interface 25
name ""
exit
interface 31
name ""
exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
vlan 1
name "DEFAULT_VLAN"
no untagged 7-48
untagged 1-6
ip address 172.19.4.5 255.255.0.0
exit
vlan 20
name "Voice"
untagged 7-12
tagged 13-48
ip address 172.16.4.5 255.255.0.0
ip helper-address 172.19.10.17
ip helper-address 172.19.10.18
qos dscp 101110
voice
exit
no autorun
password manager
-------------------------- --------
Running configuration:
; J9727A Configuration Editor; Created on release #WB.15.12.0015
; Ver #05:18.41.ff.35.0d:9b
hostname "HP-2920-24G-PoEP-Bristol"
module 1 type j9727a
qos type-of-service diff-services
timesync sntp
sntp unicast
sntp server priority 1 85.119.80.233
sntp server priority 2 87.124.126.49
ip authorized-managers 172.19.0.0 255.255.0.0 access manager
ip authorized-managers 192.168.2.0 255.255.255.0 access manager
ip authorized-managers 172.16.0.0 255.255.0.0 access manager
ip authorized-managers 10.255.255.0 255.255.255.128 access manager
ip authorized-managers 192.168.3.0 255.255.255.0 access manager
ip authorized-managers 10.255.254.0 255.255.255.128 access manager
ip authorized-managers 192.168.100.0 255.255.255.0 access manager
ip authorized-managers 192.168.200.0 255.255.255.0 access manager
ip default-gateway 192.168.2.1
no ip icmp redirects
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip routing
interface 1
name "to ASA 5505 fe01"
exit
interface 3
name "Phoenix LAN"
exit
interface 24
name "Shoretel Phone"
exit
snmp-server community "public" unrestricted
snmp-server contact "IT"
oobm
ip address dhcp-bootp
exit
vlan 1
name "DEFAULT_VLAN"
no untagged 21-24
untagged 1-20,A1-A2,B1-B2
ip address 192.168.2.4 255.255.255.0
exit
vlan 20
name "Voice"
untagged 21-24
ip address 192.168.200.4 255.255.255.0
ip helper-address 192.168.2.17
ip helper-address 192.168.2.22
qos dscp 101110
voice
exit
no tftp server
no autorun
no dhcp config-file-update
no dhcp image-file-update
password manager
Ideas why this is failing?
Thanks
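Added example, not part of the original post: the two running configs in the question are enough to derive what each firewall needs for VLAN 20 to VLAN 20 traffic, namely a return route to the voice subnet via the switch and a VPN traffic selector for every local/remote subnet pair. The function names and `SAMPLE_SELECTORS` are constructed for illustration; the ASA configurations are not on the page, so the selector list is a made-up input, not a diagnosis.

```python
import ipaddress
import re

# Excerpts of the two running configs in the question (only the lines this check reads).
SITE_A = """ip route 0.0.0.0 0.0.0.0 172.19.10.15
vlan 1
ip address 172.19.4.5 255.255.0.0
exit
vlan 20
ip address 172.16.4.5 255.255.0.0
exit"""
SITE_B = """ip route 0.0.0.0 0.0.0.0 192.168.2.1
vlan 1
ip address 192.168.2.4 255.255.255.0
exit
vlan 20
ip address 192.168.200.4 255.255.255.0
exit"""
# Constructed sample of VPN traffic selectors; the ASA configs are not on the page.
SAMPLE_SELECTORS = [("172.19.0.0/16", "192.168.2.0/24"),
                    ("172.19.0.0/16", "192.168.200.0/24"),
                    ("172.16.0.0/16", "192.168.2.0/24")]

def parse_site(cfg):
    """Return (default gateway, {vlan id: interface}) from a ProCurve-style config."""
    gateway, vlans, vlan = None, {}, None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            gateway = ipaddress.ip_address(m[1])
        elif m := re.fullmatch(r"vlan (\d+)", line):
            vlan = int(m[1])
        elif line == "exit":
            vlan = None  # leave the current vlan/interface context
        elif vlan and (m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line)):
            vlans[vlan] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return gateway, vlans

def return_routes(cfg):
    """Subnets behind the L3 switch -> next hop the firewall needs (switch's transit IP)."""
    gateway, vlans = parse_site(cfg)
    transit = next(i.ip for i in vlans.values() if gateway in i.network)
    return {str(i.network): str(transit) for i in vlans.values() if gateway not in i.network}

def uncovered_pairs(cfg_a, cfg_b, selectors):
    """Local/remote subnet pairs that no (source, destination) selector covers."""
    nets = [[i.network for i in parse_site(c)[1].values()] for c in (cfg_a, cfg_b)]
    sel = [(ipaddress.ip_network(s), ipaddress.ip_network(d)) for s, d in selectors]
    return [(str(a), str(b)) for a in nets[0] for b in nets[1]
            if not any(a.subnet_of(s) and b.subnet_of(d) for s, d in sel)]
```

Replacing `SAMPLE_SELECTORS` with the subnet pairs actually configured on the firewalls, and comparing `return_routes` with the firewalls' static routes, turns this into a checklist for the firewall provider.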
ASKER
not BT but manage company
ASKER
guess they will tell me what the fix was..?