John Chuma


One VLAN is not able to access the internet.

I have one VLAN, VLAN20 (Voice) that is not able to access the internet.

A former MSP configured this and I am not sure how this is working. The trunk port is set up as an access port for VLAN255 (Management Network) and that's it.

I will upload the running config for the ASA as well as the C3560G, as well as a hand-drawn diagram of the environment.

In the Layer 3 switch, the default route is 0.0.0.0 0.0.0.0 10.152.255.1

Please let me know if you need anything other than the running-configs and the diagram.
RoohAllah Godazgar

Dear John,
Please provide a map of your network. It is very important to know how you connect your network to the internet. Please check these items:
1- Since you are using ASA, you should check your NAT.
2- Also since you are using Cisco devices in your network, you may want to check ACLs as well on all of your devices.
Depending on your scenario, there are several items that cause this issue.
John Chuma

ASKER

Please see attached running configs and network map.

The phone server on VLAN20 is handing out DHCP. The gateway for VLAN20 is 10.8.110.1, which is a router that I do not have control over. I was told the default route on that device goes to 192.168.1.254.

Map_Configs.zip
ASKER CERTIFIED SOLUTION
Predrag Jovic
This solution is only available to members.
SOLUTION
This solution is only available to members.
Thank you PreDrag and RoohAllah!

I am still trying to figure out how/why this network was set up this way.

The 172.18.2.0/24 is a remote location's data network as they need access to a share on the server. There is a separate phone network there, but the guys who handle the phones mentioned they didn't know what 172.18.108.0/24 is.

The original IP range for VLAN20 was 10.8.110.0/24 and they were able to have their voice messages set to email (this is all that needs to happen). For some reason, their old MSP decided to change that IP range to 10.152.200.0/24 (I realized why they did this just now... the route statement of 10.152.0.0 255.255.0.0 10.152.255.2 1). The site needed to revert back to 10.8.110.0/24 as that was the IP range assigned to this site for 3 digit dialing.

Once VLAN20 was re-IPed, the voice mail to email piece was broken and they really liked that feature. Everything is set up in the phone server to send the email via O365. I understand the security piece. If I wanted to only have the phone server communicate with O365, could I use the following route statement in the ASA: "route inside 10.8.110.5 255.255.255.255 10.152.255.2 1"?

Please let me know and thank you for your guidance!
You may use that route, but this route will send your packets out to your GW and it's not related to your main concern about sending voice mails via email. This is a L7 (application layer) perspective and you should check your voice server (VoIP?) and O365 configurations.
I'm assuming that your O365 server is not local, so to connect your VoIP to it, you should use a valid IP (IPs that are assigned to your WAN). Now you can use NAT to transfer designated requests to your internal network. But before that, you must understand how this scenario was working and set it up again with your new IP plan.
Sorry for not updating you guys sooner.

I added in the route and everything is good.

Thank you for your help!
You're welcome.
My pleasure
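
An added illustration, not part of the thread or the attached configs: a longest-prefix-match lookup over the two `route inside` statements quoted in the thread, showing which interface the ASA would pick for traffic back to 10.8.110.5 before and after the host route is added. The `outside` default route and its next hop 203.0.113.1 are assumptions, since the ASA's own default route is not shown on the page.

```python
import ipaddress

def parse_route(line):
    """Parse an ASA 'route <if> <net> <mask> <gw> [metric]' line."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "route":
        raise ValueError(f"not a route statement: {line!r}")
    iface, net, mask, gw = parts[1:5]
    return ipaddress.ip_network(f"{net}/{mask}"), iface, gw

def lookup(route_lines, dst):
    """Return (interface, next_hop) of the most specific matching route, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in map(parse_route, route_lines) if addr in r[0]]
    if not matches:
        return None
    net, iface, gw = max(matches, key=lambda r: r[0].prefixlen)
    return iface, gw

# Route quoted in the thread, plus an ASSUMED default route (constructed
# next hop from the documentation range; the ASA's real one is not shown).
BEFORE = [
    "route outside 0.0.0.0 0.0.0.0 203.0.113.1 1",
    "route inside 10.152.0.0 255.255.0.0 10.152.255.2 1",
]
# The host route proposed in the thread for the phone server.
AFTER = BEFORE + ["route inside 10.8.110.5 255.255.255.255 10.152.255.2 1"]

if __name__ == "__main__":
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for dst in ("10.152.200.10", "10.8.110.5", "10.8.110.20"):
            print(label, dst, "->", lookup(table, dst))
```

Under these assumptions only 10.8.110.5 moves to the inside interface; the rest of 10.8.110.0/24 still matches the default route, while 10.152.200.0/24 was covered by the existing /16 all along.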