HP Procurve SVI not passing internet

Good day,

I am a NOOB so excuse me if I may not get the terminology correct.

I am running VMware and I have created a few VMs that are segmented by VLANs.

I am having issues in passing internet through my SVI.

VLAN200
ip address 192.168.200.250 255.255.255.0

VLAN201
ip address 192.168.201.250 255.255.255.0

VLAN202
ip address 192.168.202.250  255.255.255.0


As an example, I am able to ping the SVI address of VLAN202, 192.168.202.250, from the client machine with no problem, and vice versa, with the exception of the ISP DNS.

I believe I have trunked all necessary ports to allow all VLANs.

I may have a routing problem.

If I have missed something, can you please guide?

Regards.
IBSITAsked:
JustInCaseCommented:
If you can ping your WAN, the question is:
Did you add those VLANs to be NATted on the edge router?
:)
0
IBSITAuthor Commented:
I have a SonicWall as the Internet gateway. You are telling me that I need the VLANs in there?
0
JustInCaseCommented:
You have to NAT traffic somewhere; traffic with public IP addresses will be dropped as soon as it reaches the ISP router. I am not familiar with your topology, so I can't tell you exactly where you need to do it.
If you are using an L3 link between the SonicWall and the L3 switch, there is no need for the VLANs to reach the SonicWall, but you need to change the NAT statement to allow IP addresses from the new VLANs to be NATted.
0
JustInCaseCommented:
Let's say that you had just one IP address range and that your IP addresses were 192.168.0.1/24.
And you added IP address 192.168.200.0/24.

Your access-list for NAT could look like
access-list 1 permit 192.168.200.0 0.0.0.255

and that will not NAT traffic from any other IP address range.
So you should add the 192.168.201.0/24 network to the access-list...

access-list 1 permit 192.168.200.0 0.0.0.255
access-list 1 permit 192.168.201.0 0.0.0.255

or change the wildcard mask to
access-list 1 permit 192.168.200.0 0.0.1.255
or any other way you like, so both subnets could be NATted.
0
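The wildcard-mask arithmetic from the comment above, as an added example that is not part of the original thread: it checks which subnets a Cisco-style standard ACL entry actually permits, so a NAT source list can be verified against the VLANs before it is applied. The `0.0.3.255` and three-line variants and the two neighbouring subnets are constructed for illustration.

```python
import ipaddress

def acl_matches(ip, network, wildcard):
    """Standard-ACL match: bits set in the wildcard mask are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == \
           (int(ipaddress.IPv4Address(network)) & care)

def subnet_covered(subnet, acl):
    """True only if every address in the subnet hits some permit entry."""
    return all(any(acl_matches(addr, net, wc) for net, wc in acl)
               for addr in ipaddress.ip_network(subnet))

def coverage(acl, subnets):
    """Map each subnet to whether the ACL permits all of it."""
    return {s: subnet_covered(s, acl) for s in subnets}

# VLAN subnets from the thread.
VLANS = ["192.168.200.0/24", "192.168.201.0/24", "192.168.202.0/24"]
# Constructed neighbours, used only to show when a mask matches too much.
NEIGHBOURS = ["192.168.203.0/24", "192.168.204.0/24"]

# Entry quoted in the thread: covers .200 and .201 only.
ACL_FROM_THREAD = [("192.168.200.0", "0.0.1.255")]
# Assumption (not in the thread): widening the mask to reach .202
# also permits .203, which may not be an intended NAT source.
ACL_WIDER = [("192.168.200.0", "0.0.3.255")]
# Assumption (not in the thread): one entry per VLAN, nothing extra.
ACL_EXPLICIT = [("192.168.200.0", "0.0.0.255"),
                ("192.168.201.0", "0.0.0.255"),
                ("192.168.202.0", "0.0.0.255")]

if __name__ == "__main__":
    for name, acl in [("thread", ACL_FROM_THREAD),
                      ("wider", ACL_WIDER),
                      ("explicit", ACL_EXPLICIT)]:
        print(name)
        for subnet, ok in coverage(acl, VLANS + NEIGHBOURS).items():
            print(f"  {subnet:<18} {'permit' if ok else 'no match'}")
```

The single-entry `0.0.1.255` form leaves 192.168.202.0/24 unmatched, and the wider mask permits a subnet nobody listed, so the per-VLAN entries are the least-privilege choice here.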
IBSITAuthor Commented:
Attaching a drawing to see if it makes sense... Oh, btw, I have a route on the L3 switch:

0.0.0.0 0.0.0.0 192.168.201.2
Drawing.png
0
JustInCaseCommented:
Try to ping the SonicWall from those VLANs (you can try to ping your WAN port on it). If you can ping the WAN port, then most certainly you need to NAT traffic; if you can't ping it, you may also be missing a route on the SonicWall to point to the core switch as next hop for those VLANs. If you are missing a route on the SonicWall, then ping from those VLANs will fail when you try to ping 192.168.201.2 (the SonicWall has no routes to 192.168.202.0 or for whatever VLAN you added recently).
0

IBSITAuthor Commented:
From VLAN4 I can ping 192.168.201.2 no problem (access to the internet).
VLAN 200 has a route in its SonicWall to get to the VLAN4 subnet; they have their independent Internet gateway.
It is VLAN202 that is having the problem. I can ping the SVI from a device within that VLAN and also 192.168.201.5, as well as any other devices with the 192.168.201.5 gateway.
0
JustInCaseCommented:
Then, most likely, you only need to NAT traffic.
0
IBSITAuthor Commented:
So I need to create a rule in the firewall to NAT the VLAN202?
0
JustInCaseCommented:
Yes.
:)
0
IBSITAuthor Commented:
Source =
Destination =
Gateway =

???
0
JustInCaseCommented:
That is the NAT rule you need to create (so there should not be a gateway, at least not at Cisco). I am not familiar with SonicWall firewalls, so I can help you with that. I guess that you can find the current NAT statement in your current configuration and do the same, except that the source would be different IP range(s).
0