PIX vlan routing
Hello
I have two VLAN interfaces on a PIX 506 running 6.3 code. Is it possible to use these logical interfaces in exactly the same way as physical ones? i.e. access lists can be applied and packets can enter the firewall on VLAN x and be allowed/denied to VLAN y, where x and y are VLANs on the same physical interface? In other words, as long as they are allowed by policy, can the packets route in and out of the same physical interface on different VLANs? ASA definitely supports this since I've done this numerous times. However, I remember someone saying that you can't do routing on a stick with the PIX. Surely you can? I stress that it is 6.3 I am using.
Sorry for this very basic question; EAC is not clear. I have no access to our laboratory until Monday to get out either!
Cheers, Steve
Hello
Quick answer is yes, you can, as long as it's between two interfaces (which may be either physical or logical). PIX 6.3 does not support 'on a stick' routing on physical or logical interfaces (7.0 does however), but routing between two interfaces is perfectly feasible.
HTH
Andrew.
Tags: Cisco Security
Similar Questions
-
PowerConnect 8024F doesn't have a vlan routing
My department recently bought a PC8024F (F/W 5.1.2.3) which is meant to do VLAN routing. From what I can tell the 8024F is supposed to have VLAN routing but this one does not.
Is there something that I am missing, a special version of the F/W or anything that prevents this 8024F from having this feature? VLAN routing is not listed in the web menu and is not recognised when entering interface vlan via the CLI.
Any suggestions or advice is greatly appreciated!
To enable VLAN routing, make sure each VLAN has an IP address assigned to it.
# interface vlan 4
# ip address 192.168.4.1 255.255.255.0
Clients will have a default gateway of the VLAN they are placed in. Clients in VLAN 4 would have a default gateway of 192.168.4.1.
Then, globally, run the following command:
# ip routing
That should get things working for you. Page 895 has some other details/information about IP routing.
Thank you
-
PowerConnect 3548P Inter VLAN routing
Hello
I need help getting traffic to flow to and from our new voice VLAN 3. Here is our initial setup:
3548P
VLAN 1 (data) is 10.0.0.85/24
VLAN 3 (voice) is 10.0.3.9/24
The default gateway of our firewall is 10.0.0.254. Would it be the GW I set up for the switch? I am completely confused!
We also have another PowerConnect 5524P we want to connect to and route traffic through as well. Do we need to add VLAN 3 in there too? If so, I wouldn't need to add a VLAN 3 management interface except perhaps default VLAN 1, correct?
I guess my question is, what other options do I need to enable to make everything 'talk'? I should mention that we also have a Watchguard X550e. Do I have to configure something there?
If you need more information or background, I can certainly provide.
Thank you!
Thanks for the update, good to hear VLAN routing works.
Try to set the default gateway on the switch. You will use the IP address of the firewall.
Example:
console(config)# ip default-gateway (IP address of firewall)
If this does not work, then add a static route on the switch that directs traffic to the firewall.
console(config)# ip route 0.0.0.0 0.0.0.0 (IP address of firewall)
-
Catalyst 6500 Inter-VLAN routing
I have a Cisco 6500 switch and I have a question about inter-VLAN routing and the command "IP ROUTING". I use switched virtual interfaces (i.e. int vlan 2, int vlan 3, etc.), but I noticed that I don't have IP ROUTING enabled on my switch and yet I can route properly between the VLANs. I even have a few ports that I have configured with the command "no switchport" and I assigned an IP address to these ports. On the routed ports, there is another switch on the other side configured with an IP address and I am able to ping and route traffic to the other network.
I did some research on this and all the documentation I am able to find talks about how you must enable IP ROUTING to route between the VLANs. I guess that this should only be needed if you are going to route to other networks that are not directly connected.
http://www.ccnpguide.com/CCNP-switch-642-813-inter-VLAN-routing/
Can someone clarify this for me?
For the 6500 Series, IP routing is enabled by default, so all VLANs can communicate with each other. You don't need to enable it as you do for other switches (i.e. 3560, 3750, 3850, etc.)
HTH
-
RV180 router: impossible to get Inter-VLAN routing to work.
I've been at this now for two days and just can't get inter-VLAN routing to work on this router.
Here is where things stand:
Updated to the latest firmware from Cisco (1.0.1.9).
From default settings, I added 2 VLANs as follows:
VLAN (id = 1) default: dhcpmode = port IP=192.168.1.1/24 from server 1
VLAN vlan2 (id = 2): dhcpmode = port IP=192.168.2.1/24 from Server 2
VLAN vlan3 (id = 3): dhcpmode = port IP=192.168.3.1/24 Server 3(without link)
WAN port
|
Routing/NAT
|
--------------------------------------
VLAN ip 192.168.1.1 192.168.2.1 192.168.3.1
name of VLAN by default vlan2, vlan3
VLAN id ID = 1 ID = 2 ID = 3
Inter-VLAN only routing Yes Yes
Excluded excluded unidentified 1 port
2 excluded excluded Untagged port
Port 3 unmarked excluded except
Port 4 (not interest) without excluded tag excluded
--------- -------- --------
1 2 3 Port port
| | |
AdminPC PC3 PC2
192.168.2.191 192.168.3.181
PC2 is assigned an IP address of 192.168.2.191 (DGW = 192.168.2.1) - OK
PC3 is assigned an IP address of 192.168.3.181 (DGW = 192.168.3.1) - OK
PC2 (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT...
PC2 cannot ping PC3 - DOES NOT WORK
PC3 cannot ping PC2 - DOES NOT WORK
(does not work in gateway or router mode)
CAN SOMEONE HELP ME UNDERSTAND WHY?
Your help is very appreciated.
I bought this unit specifically because it supported inter-VLAN routing!
Vlaminck
---------------------------------------------------------------------------
Support information:
Screenshots:
VLAN membership:
VLAN ID  Description  Inter VLAN Routing  Device Mgmt  Port 1    Port 2    Port 3    Port 4
1        default      disabled            enabled      untagged  excluded  excluded  untagged
2        VLAN2        enabled             enabled      excluded  untagged  excluded  excluded
3        VLAN3        enabled             enabled      excluded  excluded  untagged  excluded

Multiple VLAN subnets:
VLAN ID  IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status
1        192.168.1.1  255.255.255.0  DHCP Server  enabled
2        192.168.2.1  255.255.255.0  DHCP Server  enabled
3        192.168.3.1  255.255.255.0  DHCP Server  enabled

Routing table (Bridge Mode)
Destination  Gateway      Genmask          Metric  Ref  Use  Interface  Type     Flags
127.0.0.1    127.0.0.1    255.255.255.255  1       0    0    lo         static   UP, gateway, host
192.168.3.0  0.0.0.0      255.255.255.0    0       0    0    bdg3       dynamic  UP
192.168.2.0  0.0.0.0      255.255.255.0    0       0    0    bdg2       dynamic  UP
192.168.1.0  0.0.0.0      255.255.255.0    0       0    0    bdg1       static   UP
192.168.1.0  192.168.1.1  255.255.255.0    1       0    0    bdg1       static   UP, gateway
127.0.0.0    0.0.0.0      255.0.0.0        0       0    0    lo         dynamic

Routing table (router Mode)
(Ditto)
Hello
Just because pings are allowed from the same subnet does not mean they are allowed when they come from a different subnet.
You probably have a Windows software firewall problem, because by default it drops ICMP echoes from a different subnet.
Regards,
Alain
Remember to rate helpful posts.
-
Hello
I'm trying to get inter-VLAN routing to work on a 300-24 ports switch DF. I have an existing business network on 192.168.111.0 and want to create a VLAN on 192.168.1.1 which can talk to 192.168.111.0. I enabled Layer 3 routing on the switch through the console and also entered the ip routing commands. I have the following VLANs:
VLAN1 - default 192.168.111.0
VLAN2 - 192.168.1.0
I turned on DNS and entered my two DNS servers, 192.168.111.82 & 192.168.111.212.
I set the VLAN1 interface to 192.168.111.217 and the VLAN2 interface to 192.168.1.1.
The FE1 - FE15 ports are access ports and assigned to VLAN1 (untagged)
The FE16 - FE24 ports are access ports and assigned to VLAN2 (untagged)
I put a default route on the switch of 0.0.0.0 0.0.0.0 192.168.111.254 (Draytek 2600 router). I have connected a computer (A) to VLAN1 port FE3 and a computer (B) to VLAN2 port FE16. I set computer A's default gateway to 192.168.111.217 and its IP address to 192.168.111.94. I set computer B's default gateway to 192.168.1.1 and its IP to 192.168.1.2.
Computer A has access to the MDaemon server and files via the network but has no internet (cannot ping Google), and can ping computer B and RDP to computer B.
Computer B can ping computer A and RDP to computer A but does not have access to the company network, i.e. MDaemon, file server etc. It can also access the internet.
From the console I can ping www.google.co.uk and all the IP addresses in the company network, i.e. 192.168.111.82 (DNS server). I do not understand what I am doing wrong and have been banging my head for a few days. I have just started a new job and desperately need this to work, so any help would be greatly appreciated.
If I run a Wireshark scan on the computer, the internet starts working. Weird!
Show the configuration below:
switch7c0a71#show run
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone___
voice vlan oui-table add 00036b Cisco_phone___
voice vlan oui-table add 00096e Avaya___
voice vlan oui-table add 000fe2 H3C_Aolynk___
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone___
interface vlan 2
ip address 192.168.1.1 255.255.255.0
exit
interface vlan 1
ip address 192.168.111.217 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.111.254
interface vlan 1
no ip address dhcp
exit
bonjour interface range vlan 1
hostname switch7c0a71
no passwords complexity enable
no snmp-server server
interface fastethernet1
switchport mode access
exit
interface fastethernet2
switchport mode access
exit
interface fastethernet3
switchport mode access
exit
interface fastethernet4
switchport mode access
exit
interface fastethernet5
switchport mode access
exit
interface fastethernet6
switchport mode access
exit
interface fastethernet7
switchport mode access
exit
interface fastethernet8
switchport mode access
exit
interface fastethernet9
switchport mode access
exit
interface fastethernet10
switchport mode access
exit
interface fastethernet11
switchport mode access
exit
interface fastethernet12
switchport mode access
exit
interface fastethernet13
switchport mode access
exit
interface fastethernet14
switchport mode access
exit
interface fastethernet15
switchport mode access
exit
interface fastethernet16
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet17
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet18
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet19
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet20
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet21
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet22
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet23
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface fastethernet24
switchport mode general
switchport general allowed vlan add 2 untagged
exit
interface vlan 2
name development
exit
Hi Richard,
43 - permit Protocol: any / all
42 - Protocol deny EVERYTHING 192.168.2.0 0.0.0.255-> to 192.168.111.0 0.0.0.255
41 - Protocol to deny ALL 192.168.111.0 0.0.0.255-> to 192.168.2.0 0.0.0.255
40 allow the RDP Protocol TO ALL
etc.
To block everything, including MSSQL, with the exception of the RDP and other ports that you defined above. The other defined are simply not the RDP Protocol and service work?
Richard, please rate helpful posts and mark the correct answers.
Best,
David
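
The rule list in the reply above, modelled as an added example (not code from the thread or from the switch vendor): a first-match evaluator over the four entries with their wildcard masks. It assumes entries are evaluated in ascending number order with an implicit deny at the end, that RDP is TCP/3389 and MSSQL is TCP/1433, and it uses constructed host addresses.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    """One access control entry; field names are illustrative."""
    priority: int
    action: str                     # "permit" or "deny"
    proto: str = "any"              # "any", "tcp", "udp", "icmp"
    src: str = "any"                # "any" or "<address> <wildcard mask>"
    dst: str = "any"
    dst_port: Optional[int] = None  # None matches every port


def wildcard_match(spec: str, addr: str) -> bool:
    """Cisco-style wildcard mask: bits set to 1 in the mask are ignored."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def evaluate(acl: List[Ace], proto: str, src: str, dst: str,
             dst_port: Optional[int] = None) -> Tuple[str, Optional[int]]:
    """Return (action, priority of the entry that decided)."""
    # Assumption: lowest number is checked first and the first match wins.
    for ace in sorted(acl, key=lambda a: a.priority):
        if ace.proto != "any" and ace.proto != proto:
            continue
        if ace.dst_port is not None and ace.dst_port != dst_port:
            continue
        if wildcard_match(ace.src, src) and wildcard_match(ace.dst, dst):
            return ace.action, ace.priority
    return "deny", None  # implicit deny when nothing matched


# The four entries from the reply, in the order they were listed.
ACL = [
    Ace(43, "permit"),
    Ace(42, "deny", src="192.168.2.0 0.0.0.255", dst="192.168.111.0 0.0.0.255"),
    Ace(41, "deny", src="192.168.111.0 0.0.0.255", dst="192.168.2.0 0.0.0.255"),
    Ace(40, "permit", proto="tcp", dst_port=3389),
]

# Same entries, but with the catch-all permit renumbered ahead of the denies:
# it shadows every later entry, so the subnets are no longer separated.
MISORDERED = [replace(a, priority=10) if a.priority == 43 else a for a in ACL]

# Constructed sample flows: (label, proto, src, dst, dst_port)
FLOWS = [
    ("RDP across subnets", "tcp", "192.168.2.10", "192.168.111.82", 3389),
    ("MSSQL across subnets", "tcp", "192.168.2.10", "192.168.111.82", 1433),
    ("ping back the other way", "icmp", "192.168.111.94", "192.168.2.10", None),
    ("HTTPS to the outside", "tcp", "192.168.2.10", "203.0.113.10", 443),
]


def report(acl: List[Ace]) -> List[Tuple[str, str, Optional[int]]]:
    """Decision for each sample flow as (label, action, deciding priority)."""
    return [(label, *evaluate(acl, proto, src, dst, port))
            for label, proto, src, dst, port in FLOWS]


if __name__ == "__main__":
    for name, acl in (("as posted", ACL), ("catch-all first", MISORDERED)):
        print(name)
        for label, action, prio in report(acl):
            print(f"  {label:26} {action:6} (entry {prio})")
```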
-
RV110W inter-VLAN-routing is not possible
On a Cisco RV110W, I set up 2 VLANs, one 192.168.1.xxx (Green Net) and the second 192.168.2.xxx (Server) with only one fixed address, 192.168.2.100, which is configured in the DMZ area. I enabled "inter-VLAN routing" on the Cisco, as described in "routing between separate VLANs on Cisco RV110W". I can ping the server in one direction; in the other I get an error. That is just as expected and OK! Everything else works as expected!
Now, I want to see the Green network server. (firewall on the server is off)
I configured the network/router with exactly the values of the index and got an error: "destination LAN IP may not be the same as the router's IP subnet".
Sorry, I don't understand this. Can anyone help?
Thank you in anticipation
Anton
If I understand correctly, you have a second VLAN, 192.168.2.x. The RV110W is a member of this subnet, which is why you cannot have a static route for something the router already knows, since it hosts this subnet.
-Tom
Please rate helpful posts
-
My scenario: my PIX has five interfaces. Interface E0 connects to "Main router", interface E1 connects to "Partner router", interface E3 connects to "Server Zone", and interface E4 connects to "Client area".
My problem is that "Partner router" serves network 172.16.1.0/24 and they use services on 10.0.1.0/24 behind "Main router", and I configured the default route of "Partner router" to the PIX, the same as "Main router".
I have configured these routes on the PIX:
route main 10.0.1.0 255.255.255.0 main router
route partner 172.16.1.0 255.255.255.0 partner router
Can I do this? Can the PIX route?
What you have listed above should be fine. The PIX can route packets. However, the usual rules still apply to allow packets to pass between 2 interfaces on the PIX. You still need to create the xlates and access control so that the packets can pass. I hope this helps.
Scott
-
Connect 6224 VLAN routing and management VLAN
Happy holidays, everyone -
I read several posts here and elsewhere on the inability of the 6224 to route its own management interface. OK, fair enough, I get it. But what I don't understand is a practical solution to what seems to be a huge problem if you want to use the network to connect to the device to manage it (instead of the serial console port).
Let's say I want to have three networks A, B, and C on the 6224 and configure it to route between any combination of them. Let's call them VLANs 1, 2, and 3. Three ethernet cables will connect to three ports on the 6224 for networks A, B and C. Let's just ignore shifts and redundant connections to do this.
The management VLAN cannot be assigned to one of these networks, right? It says so in the documentation, and it turns out to be so if you try to do it in the configuration of the switch. It doesn't let you do it.
So, how do you reach the 6224 for management? Create a fourth network, VLAN 4? This seems to be the general theme of the answers to questions like that, but how do you reach this seemingly isolated network? By definition, it cannot be routed. Any computer that you normally use on A, B or C cannot reach D.
So what then? A dedicated computer for D that cannot reach anything other than the switch management port? What about another completely separate router (I have a Cisco ASA with some ports to spare, or, with a hint of irony, another 6224!) to provide a connection between D and the networks normally used? This is crazy.
Of course, I am missing something here. I can't believe that the answer is, "If you enable routing, the management interface is essentially unusable", but that's what it looks like, from my possibly twisted point of view. I want to have my laptop, and any other computer, sitting on a network that can be routed by the 6224, and for that same laptop to also be able to reach this same 6224's management interface.
Someone please help me understand this?
Thank you
Chris
PS: I have an email address. It is almost unique on the entire planet. I use it to connect to this forum. But Dell, like so many others, insists on ignoring these facts and makes me create another unique identifier while playing a game of 20 questions. That's why my remarkably stupid random username.
Thanks again, and I hope that someone gets at least a good laugh over this.
The management VLAN can be thought of as an OOB port. The intention is that it be separated from the rest of the traffic and on its own dedicated network. However, you are not limited to managing the switch through just the management VLAN interface. Each VLAN with an IP address can be used by clients in that VLAN to manage the switch.
For example, if you assign VLAN 2 an IP address of 192.168.2.1, clients in VLAN 2 with an IP address in the 192.168.2.x subnet can access 192.168.2.1 to manage the switch, while being able to communicate with clients in other VLANs.
I hope this helps some, let me know if you need help on your config, or to specify anything.
Thank you
-
VLAN routing when you use a dell computer 6224
Hello
I have a dell switch 6224 with 2 VLANS.
Management-192.168.1.111/24 Ports 1/g1-1 / g12
Vlan150-192.168.150.111/24 Ports 1/g13-1 / g24
I have two ports on the router with IP addresses to communicate with the switch (192.168.1.2 and 192.168.150.2). Vlan1 works very well without any problems. I can ping from 192.168.150.2 to 192.168.150.111. I set up the laptop with the IP 192.168.150.113 and plugged it into Vlan150 on port 1/g19. I cannot ping from 192.168.150.113 to 192.168.150.2. The traffic is not going through Vlan150 in the switch.
What am I missing? This is my first time setting up a VLAN on these switches. Help, please.
Config
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.8.2, VxWorks 6.5"
!System Software Version 3.3.8.2
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 150
vlan routing 150 1
vlan association subnet 192.168.150.0 255.255.255.0 150
exit
stack
member 1 1
exit
ip address 192.168.1.111 255.255.255.0
ip default-gateway 192.168.1.2
ip routing
interface vlan 150
name "VLAN150"
routing
ip address 192.168.150.111 255.255.255.0
exit
username "admin" password 00436d6ae2ed27bbe87fa24b73b5a249 level 15 encrypted
aaa authentication login "defaultList" line
aaa authentication enable "enableList" line
line console
password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
exit
line telnet
login authentication defaultList
password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
exit
line ssh
login authentication defaultList
password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
exit
!
interface ethernet 1/g1
switchport mode general
exit
!
interface ethernet 1/g2
switchport mode general
exit
!
interface ethernet 1/g3
switchport mode general
exit
!
interface ethernet 1/g4
switchport mode general
exit
!
interface ethernet 1/g5
switchport mode general
exit
!
interface ethernet 1/g6
switchport mode general
exit
!
interface ethernet 1/g7
switchport mode general
exit
!
interface ethernet 1/g8
switchport mode general
exit
!
interface ethernet 1/g9
switchport mode general
exit
!
interface ethernet 1/g10
switchport mode general
exit
!
interface ethernet 1/g11
switchport mode general
exit
!
interface ethernet 1/g12
switchport mode general
exit
!
interface ethernet 1/g13
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g14
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g15
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g16
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g17
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g18
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g19
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g20
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g21
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g22
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g23
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
!
interface ethernet 1/g24
switchport mode general
switchport general allowed vlan add 150
switchport general allowed vlan remove 1
exit
enable password 00436d6ae2ed27bbe87fa24b73b5a249 encrypted
exit
Hello
The laptop is probably sending untagged packets, so you need to change the PVID on the interface so that the untagged packets are assigned to VLAN 150.
switchport general pvid 150
-
I'm pretty green when it comes to routing configurations, so please bear with me. I'll lay out what I want to achieve and what I have been able to do so far (although it may be completely wrong).
I have an office where we are running low on IP addresses for our local network; the obvious answer is to put the VoIP phones on their own subnet. So, I have a PC6224 switch I want to use to create the second subnet.
Existing Workstation LAN = 172.22.144.0 (255.255.255.0)
Default GW for the LAN = 172.22.144.1 for all devices on that subnet
I would like to create an IPPhone = 172.22.145.0 (255.255.255.0) subnet
Here's what I have "Achieved" so far:
Currently, I can ping from a client on 172.22.145.x to 172.22.144.12 (the VLAN 3 IP interface) but cannot ping any other 172.22.144.x device that is not directly connected to the 6224 switch. Trying to ping a 172.22.145.x device from a device plugged into the 172.22.144.x VLAN on the switch results in packets being sent to the default gateway for the network (172.22.144.1), which does not know what to do with them.
Here is my 6224 switch running config:
console#show running-config
!Current Configuration:
!System Description "PowerConnect 6224, 3.3.6.4, VxWorks 6.5"
!System Software Version 3.3.6.4
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2-3
vlan routing 2 1
vlan routing 3 2
vlan association subnet 172.22.144.0 255.255.255.0 3
vlan association subnet 172.22.145.0 255.255.255.0 2
exit
stack
member 1 1
exit
ip address none
ip routing
ip route 0.0.0.0 0.0.0.0 172.22.144.1
interface vlan 2
name "IPPhone"
routing
ip address 172.22.145.1 255.255.255.0
exit
interface vlan 3
name "TWLAN"
routing
ip address 172.22.144.12 255.255.255.0
exit
username "admin" password 746f7a78621059d80fdc538acc40cbf2 level 15 encrypted
!
interface ethernet 1/g3
switchport access vlan 3
exit
!
interface ethernet 1/g4
switchport access vlan 3
exit
!
interface ethernet 1/g5
switchport access vlan 2
exit
!
interface ethernet 1/g6
switchport access vlan 2
exit
!
interface ethernet 1/g7
switchport access vlan 2
exit
!
interface ethernet 1/g8
switchport access vlan 2
exit
!
interface ethernet 1/g9
switchport access vlan 2
exit
!
interface ethernet 1/g10
switchport access vlan 2
exit
!
interface ethernet 1/g11
switchport access vlan 2
exit
!
interface ethernet 1/g12
switchport access vlan 2
exit
!
interface ethernet 1/g13
switchport access vlan 2
exit
!
interface ethernet 1/g14
switchport access vlan 2
exit
!
interface ethernet 1/g15
switchport access vlan 2
exit
!
interface ethernet 1/g16
switchport access vlan 2
exit
!
interface ethernet 1/g17
switchport access vlan 2
exit
!
interface ethernet 1/g18
switchport access vlan 2
exit
!
interface ethernet 1/g19
switchport access vlan 2
exit
!
interface ethernet 1/g20
switchport access vlan 2
exit
!
interface ethernet 1/g21
switchport access vlan 2
exit
!
interface ethernet 1/g22
switchport access vlan 2
exit
!
interface ethernet 1/g23
switchport access vlan 2
exit
!
interface ethernet 1/g24
switchport access vlan 2
exit
exit
console#
Any help would be greatly appreciated.
Thanks, Grant
Which port connects to 172.22.144.1, the next hop to the internet?
What should happen is that we need a separate 'remote' VLAN just for the connection between the 6224 and your 172.22.144.1 next-hop device to the internet.
If 172.22.144.1 stays the same, then you must create another VLAN for "TWLAN". Possibly VLAN 4 with an IP address range of 172.22.146.1 - 254 255.255.255.0, where the VLAN 4 interface has its IP address set to 172.22.146.1. Once that is done, all connected devices now in VLAN 4 that were in VLAN 3 need to change their IPs and gateway to 172.22.146.1.
So the only port that has the VLAN 3 configuration is the port connecting to 172.22.144.1, the next hop to the internet. The IP address defined on the VLAN 3 interface should be in the same subnet range as 172.22.144.1.
Here is a diagram that can help you see the whole setup. VLAN 100 in the diagram represents VLAN 3 in your case. Switch 2 would represent your next-hop device to the internet.
-
While setting up a new VLAN to separate the common workstation network and get a new DHCP scope, I had a few questions and found advice in the post at http://en.community.dell.com/support-forums/network-switches/f/866/t/19370806.aspx?PageIndex=3 but now I find that my traffic is not going through properly, so I'm starting a new thread to get help getting it all working.
Current primary network is 192.168.1.0/24 (DHCP server 192.168.1.200). Added a new scope to the server for 192.168.3.0/24, active.
Default gateway for 192.168.1.0/24 is 192.168.1.254 (Cisco ASA; it was set up like that when I arrived and there is no room to insert a dedicated router). Added a route for 192.168.3.0/24 > 192.168.1.253 (PC6224 VLAN 1 and management interface). I also added NAT exemptions on the ASA for the 192.168.3.0 network.
I was still having some problems reaching the 192.168.3.0 network from the DHCP server, so I added a static route on the server for this network, bypassing the ASA for routing to the switch.
From the DHCP server, I am able to ping 192.168.1.253 and 192.168.3.254, but not a laptop running Windows XP configured with the address 192.168.3.1 and connected to port 22 of the 6224.
From the XP laptop, I am able to ping 192.168.3.254 but not 192.168.1.253 or any other address in the 192.168.1.0 network.
From the switch CLI, I am able to ping destinations on both networks.
Here is my switch config. I set it up from scratch after a factory reset so there are no old ACLs buried inside.
console#show run
!Current Configuration:
!System Description "PowerConnect 6224P, 3.3.5.5, VxWorks 6.5"
!System Software Version 3.3.5.5
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2
vlan routing 2 1
exit
ip address 192.168.1.253 255.255.255.0
ip default-gateway 192.168.1.254
ip domain-name domain.local
ip name-server 192.168.1.11
ip name-server 192.168.1.200
ip routing
ip helper-address 192.168.1.200 dhcp
interface vlan 2
name "common"
routing
ip address 192.168.3.254 255.255.255.0
ip netdirbcast
bandwidth 10000
business assistance-address IP 192.168.1.11
ip helper-address 192.168.1.200 domain
ip helper-address 192.168.1.200 dhcp
ip mtu 1500
exit
dhcp l2relay
dhcp l2relay vlan 2
!
interface ethernet 1/g21
switchport access vlan 2
exit
!
interface ethernet 1/g22
switchport access vlan 2
exit
!
interface ethernet 1/g23
switchport access vlan 2
exit
!
interface ethernet 1/g24
switchport access vlan 2
exit
-
PIX-to-router VPN static-to-dynamic
Dear friends,
I'm trying to configure an IPSec tunnel between an IOS router and a PIX v7.0. I've seen some URLs pointing here for a configuration example. However, this example only covers PIX version v6.x, and is not helpful in resolving my case.
My situation is that the router connects to a DSL provider and obtains a dynamic IP address, and my PIX device has a static (leased line) connection to the Internet. So, I have to establish the tunnel using preshared keys.
How do I do this using v7.x on the PIX?
Appreciate the help,
Mauricio
Mauricio,
Here is an example for PIX version 7.0 with a dynamic L2L tunnel.
You must create a dynamic crypto map, and use the DefaultL2LGroup tunnel-group for the pre-shared key settings.
Please rate this post if it helps.
Cheers
Gilbert
-
Changes in the incoming packets to address SG300 inter - VLAN routing and MAC
Hello
My SG300-20 operates in Layer 3 mode
Vlan1 is not used
Gateway Internet is VLAN211
Customers are in other VLANs
Switch is the default gateway for clients and itself has internet gateway as default route.
The switch MAC address is XX:XX:XX:XX:XX:63
When the client sends traffic destined for the Internet, the MAC address in outgoing packets is XX:XX:XX:XX:XX:63
But in incoming packets the source MAC address is XX:XX:XX:XX:XX:69
Why change? And how can I set the switch to use MAC XX:XX:XX:XX:XX:63 address?
I finished the event and found that it does not change as expected. When you use the switch for Layer 3 routing, with or without it as your default gateway, this will happen.
I tested two different VLANs in two different ways, and every time I pinged via the switch to a different subnet, the source MAC on the return packet was different in the last two. This is due to the fact that the return traffic goes through a different interface on the switch.
Currently, there is no option to change this.
-
Termination of VPN on Pix behind router IOS with private subnet
OK, basically, I wonder if it is possible to terminate a VPN connection on a Pix 506 firewall which is behind an IOS router. The public interface of the Pix 506 will have a private IP address on a /29 with the IOS inside interface. The network is configured as follows:
Internet as 10Base T
| (5 public - X.X.X.34. 38)
| (In WIC-1ENET)
| (.34 assigned to interface)
Cisco 1760
| (Pomp) | (WIC-4PORTSWITCH)
| | (10.0.0.1 29 on 1760)
Net private Pix 506
(192.168.1.0) (10.0.0.2 29 on Pix)
Now, the two internal interfaces of the 1760 are configured to PAT on the IP of the outside interface of the 1760 and all internet traffic goes through perfectly. No access lists are currently applied anywhere on the 1760, and a static translation on the 1760 is configured for .35 to 10.0.0.2 (the 'public' IP of the pix). RDP and other services authorized in the pix access list work perfectly well from the outside world when you enter .35, but if I try to terminate a VPN from an offsite pix 501 to the pix 506 using the .35 IP, it does not work.
Is it possible to make this type of setup work?
I realize I could put an external switch to 1760 and run the public subnet directly and individually in the 1760 and Pix 506, however, I really would prefer not no need to do so if it is possible to avoid it.
Remove the crypto map to the interface on the PIX and reapply.