VPN in different VLANS

Hello - I have searched for hours and looked through tons of answers, but I can't seem to get this to work. Due to an unfortunate situation, I suddenly became our network instead of our domain servers administrator. There is a problem with the fact that I was struggling, and I hope you can help out me. I don't know anything about Cisco ASA.

We have a multi-site network, all hung over VPN across multiple devices Cisco ASA 5505. One of our sites has 2 VLAN going to 2 different subnets. The second site has only one VLAN. 2 sites are able to communicate with each other through the VPN, but site 2 can not ping all devices on the VLAN 2nd the first site. I hope that's not too complicated. Here is a breakdown:

Site 1:

Vlan1 is the 10.10.1.0 internal subnet.

VLAN2 is external WiFi.

VLAN12 is the 10.10.12.0 internal subnet.

Site2:

Vlan1 is the 10.10.20.0 internal subnet

VLAN2 is external WiFi.

Site2 VLAN1 (10.10.20.1) is connected via VPN to Site1 VLAN1 (10.10.1.5). Site1 can ping 10.10.12.0 without problem. Site2 can ping 10.10.1.0 without problem. Site2 DO ping 10.10.12.0. How can I get Site2 to subnet ping the 10.10.12.0 to Site1?

Joint are my configurations - I'm not sure if they are correct. I inherited this unexpected work. Thanks in advance for your help.

Add this site one:

access-list 101 extended allow ip 10.10.12.0 255.255.255.0 10.10.20.0 255.255.255.0

access-list extended 150 permit ip 10.10.12.0 255.255.255.0 10.10.20.0 255.255.255.0

- - - - - - - - - - - - - - - - - - - - - - -- - - - - -

FYI...

Remove this site line two:

No traverse private address via the public cloud, without going through the tunnel, so your allowed private lines are of no use on outside_access_in.
access extensive list ip 10.10.12.0 outside_access_in allow 255.255.255.0 any

- - - - - - - - - - - - - - - - - - - - - - -- - - - - -

Add these lines on the site two.

109 extended access-list allow ip 10.10.20.0 255.255.255.0 10.10.12.0 255.255.255.0
access-list 110 extended allow ip 10.10.20.0 255.255.255.0 10.10.12.0 255.255.255.0

Thank you

Rizwan James

Tags: Cisco Security

Similar Questions

How to configure the different VLANs (using the E3200)?

Hello.

I want to implement different VLANs (using the E3200) so that I can have two different networks that cannot access each other.

The E3200 is connected to a modem for internet access.

I would like that the two networks to access the internet.

The only E3200 does support the creation of VLANs?

If not, is there another way I can satisfy the requirement by using the single E3200 (using something else than VLANs)?

At the end of the day, I think that I would need at least another router.

Thus, for example,.

Router a (E3200) is connected to the configuration / modem to DHCP with a rank 192.168.1.1/24 LAN IP address.

Router B is connected to the router and Setup for DHCP by using a LAN IP range 192.168.2.1/24.

This peripheral way connected to the router A should not have access to devices connected to router B and vice versa, correct? For example, X device connected to the router cannot ping or browse files on the device is connected to router B and vice versa, correct?

Do I need to configure anything else on router B? For example, do I need the DNS configuration settings so that devices connected to router B can connect to the internet without problem? Do I need to specify that these VLANs are not bridged and which router, or both?

I already know how to configure a static IP address, DHCP, beaches LAN IP and static DNS settings on a router, etc.

With respect to wireless devices, I think that they would follow the same model; for devices connected to the router wireless (E3200) have access to other devices Wi-wired and connected to the router, but not to devices with or without wire, connected to router B and vice versa. However, if the wireless devices have currently access to wired devices was also connected to the router, so it's good for now.

Thank you very much!

-Rami

The E3200 has no support VLAN according to the manual. There is no way to configure two separate networks with this single router.

You need to add network electronics.

Ex:

Managed with VLAN switch

Another wireless router with VLAN

If your modem provides several public or private IP addresses, then you could put a switch after the modem and two wireless routers that are attached to the switch.

Wake on LAN (WOL) through different VLAN on SG-300-10

Hello

I try to get WOL working through different VLAN on a Switch SG-300-10 in layer 3 Mode. To achieve this, I set up a UDP relay (GUI menu Configuration IP) for UDP Port 7 to 255.255.255.255 (this should inundate all interfaces with the package), however, does not work WOL in different VLANS. When I am connected directly to the VLAN corresponding, WOL works fine in the same subnet. Am I missing something here?

All comments appreciated!

Thank you very much!

Hi Romeo,.

A few minutes to try it on my SG300 - 10 p mode layer 3.

My NAS unit is capable WOL and I thought I would use it in my test environment...

Ran a basic test to check my sender of packet Magic from my PC "awakened" my NAS unit.

As you would expect, on the same subnet, the magic packet WOL caused my NAS unit to power, no problem.

But this isn't really the test, just a test database to check that my sender of the packet magic WOL and NAS was working well.

The screenshot below shows WOL software I used on my PC. Why use this software, no reason except that it was available for free. Also, I'm sure other WOL software out there for different platforms that work just as well or with more features.

First of all, I see according to your question, you used relays UDP destination port 7, well it is the default setting on the UDP relay on my switch.

I wonder why you used or stayed with destination UDP port 7, because the Magic packet mailers may use different destination UDP ports?

I had to use wireshark to see the real destination UDP port that uses my sender of the magic packet WOL.

Notice of capturing wireshark above, that my magic packet software uses the UDP port destination 9, NOT the default value that you can see on the switch. Ignore what wireshark labels this port.

OK, I then created a VLAN that I named "VLAN2' with a = 2 VID on my SG300 - 10 p (SRW2008P-K9-NA)

I added a 192.168.2.1/24 IP interface to VLAN2, which is a different network from the default VLAN.

I then added three ports this VLAN newly created as a member untagged VLAN2.

The default VLAN (VID = 1) an IP network 192.168.10.0/24.

My NAS (WOL capable) unit has an IP address of 192.168.10.61.

I plugged my PCt to the vlan 2 and statically assigned 192.168.2.2/24. It is the PC that has the magic package software.

I added a route static to my router WAN, just so that I could access the router my PC attached to the VLAN2 WAN.

I tried the magic packet WOL software and will not turn on my NAS. He expected that the magic packet broadcast would never jump over a limit of LAN in one VLAN different...

Now, I tried to install a UDP relay so that the Magic Packet WOL "would be" the VLAN2 network interface VLAN1.

So I configure and add to my SG300 UDP relay entry - 10 p. See the screen capture below.

I have to admit, I'm used to using UDP relay normally take a netbios broadcast and unicast to a server Ms.

But check the screenshot below, I put the switch to send the UDP relay to the broadcast address of VLAN1 network... The magic packet Wakeup sent from my PC into 2 VLANS must have passed over the limit VLAN that my NAS unit woke.

In order to check the destination port UDP to your WOL software using wireshark, and then create an appropriate UDP relay.

Experiment and play with that, once you get your device WOL properly powereing successfully.

Best regards, Dave

If I answered your question, please rate the relevance of this response

WIndows Server with multiple IP addresses in different VLANS

What I'm trying to achieve: -.
A Server Windows 2008 R2 Virtual machine with of 6 vNIC each with an IP different address of VLAN different & connected to the corresponding ports on VIRTUAL LAN group.
Now how to make sure that traffic is properly flowing as traffic for VLAN specific are coming and get out of that vnic so that it can flow through port designated group
As a single gateway can be mentioned, I guess we need to add static routes for that to work, but if it's static routes, then please explain to me how these roads will need to be added for each IP address.
Or if there is another way to make her even if you please let me know.

Thanks in advance...

I was wondering what I really need to add roads since I am not asking that two different VLAN is talking to each other. Guess that's when I need the static routes.

I guess in this case if I have 3 NIC with 3 different IP addresses would not be the traffic corresponding VLAN will come automatically the corresponding card.

That would not be in the range 1.2.3.x traffic flows automatically NIC1 & 5.6.7.x runs automatically NIC2 & etc.?

Can you have vCenter and your database server on different VLAN?

According to the title, can you have vCenter and your database server on different VLANS or must they reside on the same?
Also if we want to change the current IP Address/Subnet Mask vCenter, are there factors that we take into account?
Thanks in advance for any help

Yes they can, so you must only be sure to have enough bandwidth network and speed between them will not affect the performance of VC.

To change the IP of vCenter, keep an eye on this: http://kb.vmware.com/kb/1001493

App 5.1 server does not not on different VLANS

Helloooo

I just installed a new server and I use the server application. Everything seemed to work fine until I moved my iMac to a VLAN different. Profiles and update settings do not push to the iMac and sit at a stadium in waiting. Also to register the new iMacs on the server I get to the login server window and it crashes it and does not authenticate. Screen opens by saying that I can open a second window and registration. When I try to register, I get an unknown error and that it fails. It seems timeless. I tried to change a lot of settings prescribed by other users, but nothing helped. Someone at - it advice on what could be the problem.

See you soon

Sean

Hello

I took the easy on this way and bring a USB ethernet to my mac so that I have two physical interfaces. An in each VLAN.

There are other ways to do this, and this is a good article:

https://blog.Pivotal.IO/Labs/Labs/using-deploystudio-across-Subnets-a-Path-Not-t Aken

Kind regards

Erik

Assign different VLAN wireless authentication

Dear Stephen,

I want this product fits the following situation?

The user will use their laptop to assign the internet by the following situtaion.

1. they will go to a web portal to choose their internet service provider and connecting to services.

2. once they got successful connection, they can use their PC to access the internet.

What I think is that they will have access to a vlan public web portal, once they got the authentication. Their links will assign to differnet vlan (different service provider). Eventually they get the IP address of the DHCP server on MS and go to the internet.

I can't find a solution for above situation, can you help me?

I suggest that you go for the Cisco unified wireless solution. More information about the Cisco solution unified are available at http://www.cisco.com/en/US/netsol/ns340/ns394/ns348/ns337/networking_solutions_package.html

For your scenario, I suggest that you create two VLANS. One for guest users and the other for internal users. An example configuration that is available at http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008070ba8f.shtml

Between Cisco ASA VPN tunnels with VLAN + hairpin.

I have two Cisco ASA (5520 and 5505) both with version 9.1 (7) with Over VPN and Security Plus licenses. I try to understand all the internet a traffic tunnel strategy VLAN especially on the 5520 above the 5505 for further routing to the internet (such as a hair/u-turn hairpin). A few warnings:
1. The 5505 has a dynamically assigned internet address.
2. The 5505 has sometimes no device turned on behind her, bringing interfaces down to the inside (which can cause problems from site to site).
3. The 5520 cannot be a client of ezvpn due to its current role as a server of webvpn (anyconnect).
Let me know if I need to post my current config. Basically, I'm starting from scratch after several attempts.

Thank you!
1. The 5505 has a dynamically assigned internet address.
You can use the following doc to set up the VPN and then this document to configure Hairping/U tuning

2. the 5505 has sometimes no device turned on behind her, bringing interfaces down to the inside (which can cause problems from site to site).

Make sure that the interface is connected to a switch so that it remains all the TIME.

3. 5520 the may not be a ezvpn customer due to she has current as one role anyconnect webvpn ()) server.

You can use dynamic VPN with normal static rather EZVPN tunnel.

Kind regards
Dinesh Moudgil

PS Please rate helpful messages.

RADIUS on different VLANs

Hi all

My RADIUS server is on Vlan different and I have configured AAA on my switch located on one Vlan different. Is it possible to point RADIUS server to use the Vlan I want?

Any help will be much appreciated.

Thank you.

Hello

Are you talking about the switch using a VLAN different?

If the command you are looking for is:

radius of the source interface IP Vlan

Thank you

Chris

Edit: Your VLANS will need a layer 3 interface.

Client VPN access to VLAN native only

I have a router 2811 (config below) with VPN set up. I can connect through the VPN devices and access on the VLAN native but I can't access the 10.77.5.0 (VLAN 5) network (I do not access the 10.77.10.0 - network VLAN 10). This question has been plagueing me for quite a while. I think it's a NAT device or ACL problem, but if someone could help me I would be grateful. Client VPN IP pool is 192.168.77.1 - 192.168.77.10. Thanks for the research!

Current configuration: 5490 bytes

!

version 12.4

horodateurs service debug datetime msec

Log service timestamps datetime msec

encryption password service

!

2811-Edge host name

!

boot-start-marker

boot-end-marker

!

enable secret 5 XXXX

!

AAA new-model

!

AAA authentication login userauthen local

AAA authorization groupauthor LAN

!

AAA - the id of the joint session

!

IP cef

No dhcp use connected vrf ip

DHCP excluded-address IP 10.77.5.1 10.77.5.49

DHCP excluded-address IP 10.77.10.1 10.77.10.49

!

dhcp Lab-network IP pool

import all

Network 10.77.5.0 255.255.255.0

router by default - 10.77.5.1

!

pool IP dhcp comments

import all

Network 10.77.10.0 255.255.255.0

router by default - 10.77.10.1

!

domain IP HoogyNet.net

inspect the IP router-traffic tcp name FW

inspect the IP router traffic udp name FW

inspect the IP router traffic icmp name FW

inspect the IP dns name FW

inspect the name FW ftp IP

inspect the name FW tftp IP

!

Authenticated MultiLink bundle-name Panel

!

voice-card 0

No dspfarm

!

session of crypto consignment

!

crypto ISAKMP policy 1

BA aes 256

preshared authentication

Group 2

life 7200

!

Configuration group customer isakmp crypto HomeVPN

key XXXX

HoogyNet.net field

pool VPN_Pool

ACL vpn

Save-password

Max-users 2

Max-Connections 2

Crypto isakmp HomeVPN profile

match of group identity HomeVPN

client authentication list userauthen

ISAKMP authorization list groupauthor

client configuration address respond

!

Crypto ipsec transform-set esp - aes 256 esp-sha-hmac vpn

!

Crypto-map dynamic vpnclient 10

Set transform-set vpn

HomeVPN Set isakmp-profile

market arriere-route

!

dynamic vpn 65535 vpnclient ipsec-isakmp crypto map

!

username secret privilege 15 5 XXXX XXXX

username secret privilege 15 5 XXXX XXXX

Archives

The config log

hidekeys

!

IP port ssh XXXX 1 rotary

!

interface Loopback0

IP 172.17.1.10 255.255.255.248

!

interface FastEthernet0/0

DHCP IP address

IP access-group ENTERING

NAT outside IP

inspect the FW on IP

no ip virtual-reassembly

automatic duplex

automatic speed

No cdp enable

vpn crypto card

!

interface FastEthernet0/1

no ip address

automatic duplex

automatic speed

No cdp enable

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

IP 10.77.1.1 255.255.255.0

IP nat inside

IP virtual-reassembly

!

interface FastEthernet0/1.5

encapsulation dot1Q 5

IP 10.77.5.1 255.255.255.0

IP nat inside

IP virtual-reassembly

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

IP 10.77.10.1 255.255.255.0

IP access-group 100 to

IP nat inside

IP virtual-reassembly

!

interface FastEthernet0/0/0

no ip address

Shutdown

automatic duplex

automatic speed

!

interface FastEthernet0/1/0

no ip address

Shutdown

automatic duplex

automatic speed

!

router RIP

version 2

10.0.0.0 network

network 172.17.0.0

network 192.168.77.0

No Auto-resume

!

IP pool local VPN_Pool 192.168.77.1 192.168.77.10

no ip forward-Protocol nd

!

IP http server

no ip http secure server

overload of IP nat inside source list NAT interface FastEthernet0/0

!

IP extended INBOUND access list

permit tcp any any eq 2277 newspaper

permit any any icmp echo response

allow all all unreachable icmp

allow icmp all once exceed

allow tcp any a Workbench

allow udp any any eq isakmp

permit any any eq non500-isakmp udp

allow an esp

allowed UDP any eq field all

allow udp any eq bootps any eq bootpc

NAT extended IP access list

IP 10.77.5.0 allow 0.0.0.255 any

IP 10.77.10.0 allow 0.0.0.255 any

IP 192.168.77.0 allow 0.0.0.255 any

list of IP - vpn access scope

IP 10.77.1.0 allow 0.0.0.255 192.168.77.0 0.0.0.255

IP 10.77.5.0 allow 0.0.0.255 192.168.77.0 0.0.0.255

!

access-list 100 permit udp any eq bootpc host 255.255.255.255 eq bootps

access-list 100 permit udp host 0.0.0.0 eq bootpc host 10.77.5.1 eq bootps

access-list 100 permit udp 10.77.10.0 0.0.0.255 eq bootpc host 10.77.5.1 eq bootps

access-list 100 deny tcp 10.77.10.0 0.0.0.255 any eq telnet

access-list 100 deny ip 10.77.10.0 0.0.0.255 10.77.5.0 0.0.0.255

access-list 100 deny ip 10.77.10.0 0.0.0.255 10.77.1.0 0.0.0.255

access ip-list 100 permit a whole

!

control plan

!

Line con 0

session-timeout 30

password 7 XXXX

line to 0

line vty 0 4

Rotary 1

transport input telnet ssh

line vty 5 15

Rotary 1

transport input telnet ssh

!

Scheduler allocate 20000 1000

!

WebVPN cef

!

end

If you want to say, that after the way nat rules which I have proposed, you lost the connection to the VLAN native, so yes, it's because the subnet VLANs native has not been included in this acl with Deny statement. So that the ACL should look like this:

NAT extended IP access list

deny ip 10.77.5.0 0.0.0.255 192.168.77.0 0.0.0.255

deny ip 10.77.1.0 0.0.0.255 192.168.77.0 0.0.0.255 //This is not respected

allow an ip

In addition, if you want to go throug the other tunnel inside the subnet not listed above, then you should include that subnet to the NAT exemption rule with Deny statement.

Firewall VPN, VMs and VLAN

It is just a simple example to help me understand.
Let's salsa in my data center, I have a simple setup with 1 firewall (LAN port) connected to the server physical 1' data network port. The server has two network, 1 data and 1 management ports.
3 branch offices are connected to the WAN port on the firewall via VPN, and each office is on a separate subnet. The firewall is capable of creating VLANs of course. For example, I can direct traffic to office 1 to go to the VLAN 1 which is the 1st Port of the firewall.
The requirement is that each office wants their own virtual machines. Virtual machines for an office are not allowed to talk to other virtual machines for other offices.
How can I set up? How I would order traffic to office 1 to go to the VLAN1 where VMs for Office 1 would also live and then do the same for Office 2 & 3? I need 3 network ports (one for each office) on the physical server to accomplish this or I could use "vSwitch' function?

No additional need to NICs. We establish Setup with existing maps.

1. create 3 VLANs (for example: 11,12 and 13) for each office.

2. set the switch port physical/firewall which is connected to taking data network of servers in TRUNK mode. Its to allow the traffic of all the VLANS.

3. create 3 exchanges in vswitch (for example: 1, 2 and 3 office)

4 VLANs for each card exchanges.

VLAN 11-> office1

VLAN 12-> office2

VLAN 13-> guidelines3

5. connect the virtual machines to their respective trade.

Several iSCSI SAN on different VLANS

I have a little trouble to get this configured.
In our environment, we have 4 guests and 2 EqualLogic iSCSI San. Each host has 3 NICs dedicated to iSCSI traffic, and they have been implemented to use the plugin for Multipathing of Dell with 3 VMKernel iSCSI ports, each bound to a NETWORK adapter physical and then linked to the iSCSI software adapter.
We want to add a new SAN QNAP out some VMs test & dev environment of low cost data warehouses. The QNAP San not supporting Jumbo frames, we want to move them to their own VIRTUAL local area network.
Can someone tell me how I can get this set up? I need of course a new VMKernel port running on the VLAN again, but after that I'm stuck.
Thank you

First: the initiator will be gracefully demote by using standard images.

Second, there is nothing that prevents you from using the same trade for the qnap. If it does not manage the same way MPIO, you may need to add more exchanges and vmknics. If you place moderate to heavy load on the qnap it would interfere with the ability of the EMM to balance the load properly but allows to measure.

We have a group EQL and a Celerra making MPIO in different ways. With Celerra you add several portals (ip addresses) network on different subnets so ideally you set up your trade in this way. For us, this meant adding a second portgroup and vmknic on each vmnic, resulting in a whole bunch of paths to the Celerra said. If our use of Celerra was far from being weak to non-existent I probably don't have it.

-Anders

NFS/iSCSI ports vmkernel - different VLAN?

I have a question, if you already have a vmkernel port defined for NFS (in vlanX), and if you want to set the iSCSI on the same physical network adapter vmkernel port/ports, then you would give this NIC iSCSI even vlan like NFS or vlanY for iSCSI?
If you have found this device or any other answer useful please consider useful or correct buttons using attribute points

I would create different VGA (and VLAN) for the types of traffic. It's simple, and it will stand the test of time and changes in your iSCSI environment. You can add network cards later, you can separate the iSCSI network in main switch.

My situation is a little different to yours I have NFS coming through vPC on Nexus s 2148 (here 1000V) and traffic iSCSI in France via 3750 s (here 1000V). The NFS traffic using vPC and iSCSI traffic uses MAC pinning and iSCSI MPIO. Very different profiles. A time ago I would have found myself in a situation similar to yours, and I took a simple approach to share the same VLAN I would be regret and detangle it right about now

Andrew.

Pwerconnect 6224: vlan client computers do not receive the ip address of DHCP server on a different VLAN

Hello

I have a prolem routing dhcp requests between the vlan management where DHCP server resides and the other VLANs.

I have the scenario of base with three VLANS: vlan 10 (management vlan), 20, 30, configured on a Powerconnect 6224 switch L2 mode. This switch is connected to a pfsense router. The router is configured at the package of road between the VLANS and it does it well.

In Vlan 10, I have a configured DHCP server to use the ip addresses of all the VLANS (10, 20, 30). VLAN 10 client computers receive ip address but not others from other VLANs.

When I put the ip address in the appropriate range of VLANs manually on computers, I ping the server and I have connectivity.

This suggests that the problem is with the dhcp package.

The following is the configuration of the switch:

Configure
database of VLAN
VLAN 10,20,30
VLAN 1 1 routing
VLAN 20 2 routing
VLAN 30 3 routing
output
SNTP server time.nist.gov
clock timezone 1 minutes 0
battery
1 1 member
2 2 Member
output
DHCP IP address
IP address vlan 10
name of the IP-server 172.16.10.1

bootpdhcprelay cidridoptmode
interface vlan 1
Routing
IP 172.16.1.1 255.255.255.0
output
interface vlan 20
Routing
address 172.16.20.1 IP 255.255.255.0
output
interface vlan 30
Routing
IP 172.16.30.1 255.255.255.0
output
level of 20fc49459a1898b923ed3ec7b3e81276 user name 'admin' password encrypted 15
No spanning tree
spanning tree priority 0
l2relay DHCP
DHCP l2relay VLANs 10, 20-30
DHCP l2relay circuit-id VLANs 10, 20-30
!
interface ethernet 1/g2

l2relay DHCP
switchport access vlan 20
output
!
interface ethernet 1/g3
l2relay DHCP
switchport access vlan 30
output
!
interface ethernet 1/g21
switchport access vlan 10
output
!
interface ethernet 1/g22
switchport access vlan 10
output
!
interface ethernet 1/g23
switchport access vlan 10
output
!

interface ethernet 1/g24
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
output
Server SNMP community EyesOfNetwork ro
SNMP-server community public ro
output

I followed the instructions in the powerconnect 6224 user guide, but no progress on this issue.

Any help will be be grateful.

Thank you

Zoubeir

The DHCP server stores information that could be useful? May need to configure monitoring ports and something as wireshark to monitor DHCP packets. This would help determine where the package is stopping.

example:

Console (config) #monitor session 1 source interface 1/g8

Console (config) #monitor session 1 destination interface 1/g10

session mode 1 #monitor console (config)

right now I don't see anything in the config of the switch that stands out. If the DHCP server is configured for option 82, then you will need to include the following command on the switch.

Example:

Trust l2relay console #dhcp (config-if-1/g1)

But I don't think that's our scenario here.

Internet connection through different VLAN

Could someone help me here please.

Have a cisco SG500 2 (mode layer 3) configured with 3 VLAN connected to a modem adsl (Trendnet) - vlan voice 1 data, vlan 2, vlan 3 tests. Routing between VLANs is ok I can ping any device in any vlan and have access to the internet through the vlan 1 but no internet access on the other vlan is the vlan 2 and 3. No ping to adsl, if I plugged in a device in the vlan 2 or 3. My question is do I have a router or firewall in order to provide internet access through all my VLAN or is it possible with the SG500 connected to adsl? a turn on ip Routing and the default route in my SG500, but still no luck. need internet connection for the PC as well as voip devices.

Thank you

Hi Paul, the switch performs no NAT function so if your modem is only a modem giving public IP addresses then you would need a router to support the NAT function and support the vlan or the static routes.

If your modem works as a router, need you a static route on the modem to point to the SVI to the switch to allow the clients of vlan connection to connect to the modem to turn, what makes the internet work.

-Tom
Please mark replied messages useful

VPN in different VLANS

Similar Questions

Maybe you are looking for