Cisco Switching/Routing :: ASA 5520 - Unable To Reach VLan System While Connecting From VPN
May 27, 2013
I have a multiple Offices in my location , all my external users are connecting my site using Cisco Client to site VPN and accessing my 2 sites , All users are able to access my 2nd office servers which are in 10.10.0.x pool , I have a different vlan in that same location with 10.10.35.x series and users are not able to access this pool servers , I am not much familiar with Routing . i am using ASA 5520 firewall .
View 11 Replies
ADVERTISEMENT
Oct 25, 2012
I'm new to networking and was looking for some assistance. First off im using packet tracer to diagram my senario as I will be receiving my equipment next week to deploy.
Hardware to be used:
1. 2 catalyst 3560 switches
2. all connect to a sonic wall router
I have two companies that work in the same office space. I need to keep these companies seperate on their own vlan. They will however need to share the phone system.(Packet tracer file uploaded to give those who have the time to see what I put together.) [code]
View 13 Replies
View Related
Nov 19, 2012
We have recently started as Internet service provider in an open metropolitan.
We use a Cisco 3560G Layer 3 switch, where we have all our vlan where we have konfiguerat ex. Switch (config) # interface vlan 150, an interface for each VLAN capabilities such as int vlan 1 - 10/10 int vlan 2 to 30/10, int vlan 3 100/10 and so on.
Our int vlan is configured as follows:
dhcp relay information trusted
ip address <x.x.x.x> <x.x.x.x>
ip helper-address <x.x.x.x>
Ports (ex. int Gigabit Ethernet 0/1) are configured as follows:
description Uplink
switchport access vlan x
[Code].....
Now the problem; we have a customer in ex. vlan 3 who needs to access a server provided by another customer in the same vlan (vlan 3), and access to each other in the same vlan is not possible. You can access the server from any other vlan, but when it comes to access to another host in the same vlan, you will not reach it.
We suspect that the energy company has configured with pvlan isolated. If we use the command ip local-proxy-arp on each vlan, it works to reach each other, but it seems that our 3560 becomes overloaded when ip local-proxy-arp is enabled and it streaming and use IP telephony it doesn't work. The response time at ping is longer and the loss of packets increase with ip local-proxy-arp enabled. The other operators in the metropolitan also uses Cisco 3560G so the hardware should be sufficient.
We have also tried to add no split-horizon, but it made no difference. How do we get around this without negative consequences? Probably need something that makes you allow to send out the same interface that it came from, because it works as long as you are in another vlan.
View 1 Replies
View Related
Apr 2, 2012
The Cisco 1921 router has two routed adapters. One is GE0/0 which I am using for my WAN interface. It is working properly. The 2nd interface is GE0/1 which is being used as my internal adapter. It is running NAT. When I attempt to reach the internet it fails while checking the exit interface. Here is the report.
AttributeValueRouter ModelCISCO1921/K9Image Namec1900-universalk9-mz.SPA.151-3.T.binIOS Version15.1(3)THostnameBulldog
Interface Details
AttributeValueInterfaceGigabitEthernet0/1IP address192.168.1.1DescriptionNOC Link Test Activity Summary
[Code].....
View 1 Replies
View Related
Feb 18, 2012
I'm replacing our current router with an ASA 5510 running 8.4(3) and I'm having what I think are NAT issues.From the 192.168.0.0/24 subnet, I'm able to reach the outside world (via NAT/PAT) without any issues. However none of the internal subnets (e.g. 192.168.10.0/24) are able to. Packet-tracer shows no ACL issues.
Here's my config:
ASA Version 8.4(3)
!
hostname gw
domain-name internal.mycompany.com
enable password asdf encrypted
[code].....
View 6 Replies
View Related
May 10, 2012
I have 2691 router with following config
line console 0
login local
password xty
When i remove the login local from the line console i connect to console port and press enter it shows router prompt 2691Router> but i am unable to go to enable mode.If i telnet to router then i put username and pw then it goes straight to enable mode.
vty config is
line vty 0 4
exec-timeout 600 0
logging synchronous
login local
length 500
transport input telnet ssh
escape-character 3
Any reasons why i can not go to enable mode by console?
View 3 Replies
View Related
Mar 28, 2013
I am working for a large campus network. The network has more than 70 VLANS in a Layer 3 Switch(Catalyst 4503). Customer wants to stop intervlan routing between all vlans except 2 vlans. How will i do that? I have also a Firewall (ASA 5520) & a Router (2811) in up of the switch. Besides this, I have run HSRP in Layer 3 Switches for redundancy.how will i stop intervlan routing between VLANS except 2, with ACL or any other process has?
View 10 Replies
View Related
Jan 23, 2012
Currently, we have a Cisco router (28xx), ASA 5520, and a core switch 4500. We have different vlans. We also have Auto QoS running for our Cisco IP Phones.My manager just asked me to see if I can either reserve some certain bandwidth for one vlan, or give that vlan higher priority on internet traffic than the others.
1.) Anyway we can reserve some more bandwidth for one vlan than other vlans?
2.) If #1 cannot be done, how can we provide higher priority on the internet traffic to one vlan than the others?
3.) Is #1 or #2 the same config? If not, which one would be easier (without changing our current QoS settings)?
4.) If 1 or 2 can be done, which device I should config the settings on?
5.) This question may be duplicate, but do we need to reset our current QoS to achieve the goal?
View 6 Replies
View Related
May 30, 2012
I have an ASA that houses 11 VLANs, and I am trying to add a 12th.One of the VLANs is for PCs that have internet only access.The new VLAN will be similar, but for multifunction printers only.VLAN 99 is for internet only and works fine, I can ping the gateway of 10.99.3.33 from any PC in that VLAN.I am creating VLAN 98, modeling it after VLAN 99, and I cannot get a PC in the vlan to ping the gateway of10.98.3.17.Both switch and ASA show the new VLAN 98 as UP, switchport is UP/UP.I have deleted and recreated VLAN 98 a few times, but I cannot get a PC VLAN 98 connectivity.Once it is working on the core switch, I will add it to the trunk to the IDS switches. VTP is not in use, everything is manual. [code]
View 4 Replies
View Related
Apr 28, 2012
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
View 17 Replies
View Related
Mar 11, 2012
We have a 3750 and a 3560 defined as a layer 2 switches. One gig port on each switch is trunked to layer 3 switches, which containall the VLAN definitions etc. The other gig port on the 3650 and 3750 switches are trunked together to provide an alternative path in the event of a failure.
We have added a new device to the 3750 and given it a VLAN 9, and the VLAN added to allowable VLANS on both trunk ports between the layer 3 and layer 2 devices ie:
switch port trunk allowed vlan 9,10,20,30,40,50,60,90,200,202,206,211,212,700.
From either of the 3750 or the 3560 we can ping any device on any VLAN on any switch in this group with exception ofVLAN 9. We can however ping the ip address of VLAN 9 on the layer three switches.
View 2 Replies
View Related
Apr 1, 2013
I am using a Cisco SG-300 28 port switch in layer 3 mode as my default gateway for all my devices. I have two vlans on the switch, vlan 1 and vlan 4. Both are pulling valid IP addresses in their scope from the DHCP server, and both have valid DNS settings. I set a static route to the Internet on the switch to our firewall (192.168.5.254). All devices connected to vlan 1 are able to access the Internet, however all devices connected to vlan 4 cannot get past the switch. A tracert from one of these devices shows it hits the switch as the gateway, but gets no further. [code]
View 4 Replies
View Related
Feb 4, 2012
i am stuck in a issue! unable to ping the SVI
i am design a small network for a office.
1 router 2811
1 switch 3750-e
Router is connected to the mpls cloud with ospf.
here re the config.
Router#
int fa0/0
ip 10.10.10.1 255.255.255.252
[Code]....
i connect my laptop and give ip 22.0.68.1 255.255.255.0 and default gateway 22.0.68.251but can not ping SVI VLAN 201 (22.0.68.251) ?
and from the SWITCH i can not ping the 20.20.20.2?
View 38 Replies
View Related
Feb 4, 2013
i configured the VLAN810, with DHCP services, while i try to ping the host which is connected to gi 1/0/2 from my gi 1/0/1 , i can't ping the same vlan host , while i try to debug ip icmp its showing ,
C3750XB11#sh running-config
Building configuration...
Current configuration : 12053 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
[code]....
View 5 Replies
View Related
Apr 6, 2012
I have a Nexus 5548 installed (layer 2 device only) with several 10G ports supporting IBM P770 systems and a TSM (Tivoli Storage Manager) system on a single VLAN. All of the Nexus 5548 ports are configured for jumbo frames. I was ask to install a new server on the same VLAN as the others but as 1G port without jumbo frames to allow communications with the TSM server. I'm assuming that the 1G port for this new server without jumbo frames configured on the Nexus 5548 will not be unable to communicate with the TSM server that is on the same VLAN with it's Nexus 5548 10G port configure using jumbo frames.
View 5 Replies
View Related
Jun 23, 2012
I am not able to create more than 256 VLAN in Cisco Nexus 5010 switch. While creating I am getting "No VLAN resources available for VLAN creation" Details below -
Switch model - 5010
Software : NX OS 4.0 (1a)
Error Message:
Nexus_5010(config)# vlan 417
ERROR: No VLAN resource available for VLAN creation.
View 5 Replies
View Related
Mar 19, 2013
I have one issue on Vlan in Cisco 3750X switches , I have 2 Offices , I am sitting at corp OFfice and i have one 3750 ( 10.10.1.36)Switch at my location , in my remote office i have one more switch 3750 ( 10.10.33.1) and i am able to access the both vlan IPS with out any issue , now i have some network components in Vlan33 ( 10.10.33.1) at my remote office . i am able to ping 10.10.33.1 IP from my corp office , but i am not able to ping any network devices in 10.10.33.5 example : 10.10.33.5 is my Cyberoam IP at remote location and i am not able to ping , i have taken a trace route and not able to find the issue as i am not much femilar , ping 10.10.33.5 at remote location devicec
I am giving the Configuration for both locaitons below :
10.10.1.36 - Corp Office 3750 Switch:
sh run
L3-#sh running-config
Building configuration...
[Code].....
View 1 Replies
View Related
Jul 10, 2012
Yesterday I configured the 7010 Nexus switch. I created a VDC and allocated few ports and configured VLAN for testing. After enabling feature interface-vlan i was allowed to configured L3 interface for the vlan. I assigned ip address and connected few server to check the reachability but it says Destination Host Unreachable.
NX OS Ver : n7000-s1-dk9.5.2.4.bin
Configuration of the VDC below.
feature telnet
feature udld
feature interface-vlan
feature lacp
[Code]....
View 2 Replies
View Related
May 19, 2013
I am unable to connect a Wifi Modem wiith 2960 Switch having VLAN 1,Attached is the network diagram,what configurations i have to modified it,I need to Connect A Wifi Modem on VLAN 1 ,Connectivity is working fine between VLAN 10 and VLAN 1.What should be the next step to Connect Wifi Modem to VLAN 1 so that Users on VLAN 10 should connect to Internet.
View 14 Replies
View Related
Apr 22, 2012
Here is my configuration below , i have upgraded my C-3750 switch IOS from IPbase to IPservices , after upgrading i have tried to apply PBR on my Vlan 4 and failed , when i am tying to apply route-map to Vlan4 the command was taking but i am unable to see the route-map when sh run , i am giving the command as "ip policy route-map TTSL" in my Vlan4 , below is the configuration.
In Vlan2 i have connected one ISP and Vlan4 I have connected one ISP , my local subnets are 192.168.1.x and 192.168.2.x , now i want to route the 192.168.1.x traffic from Vlan2 and 192.168.2.x Traffic from Vlan4 .
sh boot
coreswitch#sh boot
BOOT path-list : flash:c3750-ipservices-mz.122-35.SE5/c3750-ipservices-mz.122-35.SE5.bin
[Code].....
View 9 Replies
View Related
Aug 23, 2009
Aug 24 11:32:16.275 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to down
Aug 24 11:32:36.827 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan21, changed state to up
Aug 24 11:35:23.854 AEST: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1/2, changed state to down
Aug 24 11:35:24.854 AEST: %LINK-3-UPDOWN: Interface FastEthernet0/1/2, changed state to downesw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)
esw_mrvl_vlan_port_remove : Unable to find entry for VLAN(1) dbnum(1)(code)
When the above problem happens, as work-around, we delete VLAN.DAT file on the Compact Flash of this 2811 router and recopy the VLAN>DAT file back to teh Compact Flash.
Then it runs for a few weeks and the same problem happened.
Then we put a new Compact Flash and recopied VLAN.DAT to new CF and it ran for 3 weeks and same problem started again.
Could be 2811 router motherboard? This customer has thousands of these 2811 routers in identical setups and this is the only router that is having this problem.
View 6 Replies
View Related
Mar 11, 2012
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANS configured on the switch with IP routing enabled, and the switch is connected to the inside interace of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0 From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
!
no aaa new-model
switch 1 provision ws-c3750x-24
system mtu routing 1500
[Code]....
View 4 Replies
View Related
Dec 9, 2012
I have a cisco 2851 router as the edge router, I have a 3750G and a 3560G switch and configured intervlan routing with four vlans, also connected to the switches a four servers and one has active directory and a dns server.i am able to ping from all te servers fine from different vlans and the servers are able to ping the edge router. the problem I am having is with DNS, in the edge router i have configured the isp's dns server address in ip name-server and i am able to reach the outside world.
the problem im having is the servers are not able to reach the outside, do i need to do something in the edge router to forward it to the 3750g or do i have to add my isp's dns servers on the 3750g with ip name-server.
View 5 Replies
View Related
Mar 3, 2012
I have this strange problem with my Macbook pro, when I connect it to my cisco 2940 8 port switch then I can reach my ISP (websites eg. google.com) in like 2 minuttes, then something is happening on my router, because suddenly I can´t reach my ISP
This is what I have found out so far:
1. when I lose connection to my ISP then I can only ping internal ip addresses eg. another computer in my network
2. if I renew my ip address on the Macbook then it works again in 2 minutts, then the same happens again. This is my network setup:
Router -> Switch 1 -> Switch 2
I also know that it is not the Macbook, because it have got a new motherboard, and it have been reinstalled
also if I use the Macbook on a other network then it works fine.
All my other computers ( windows and linux ) works fine, no problems.
To me it looks like it is a Nat and/or DNS problem, but I can´t fine out what it is.
View 7 Replies
View Related
May 27, 2012
i'm setting up vlan and inter-vlan routing in my lab. My vlan work well (routing between them and dhcp relay) on the LAN side of the ASA but they cannot reach internet trough the ASA.
Here my ASA settings :
Note : I know that the physical interface musn't have an @IP but my present network needs one to work. I'll fix this during my next tests.
: Saved
:
ASA Version 8.2(1)
!
[Code].....
View 8 Replies
View Related
Mar 6, 2012
I have been configuring a cisco ASA 5520, everything is working fine but when i create an ACL:
-access-list OUT extended permit ip 172.16.x.x 255.255.255.0 any
-access-group OUT out interface outside
i added ports like www or 443 and it is not working to Internet access a router is before to my firewall connected to my headquater, i can see my private networks but i cannot able to reach Internet access,
View 3 Replies
View Related
May 20, 2013
PCs --> SG500(4 vlans) --> rv042 --> Internet..vlan 1 is able to reach the internet..vlan 2-4 cannot reach the internet, but can reach vlan 1.
View 2 Replies
View Related
Mar 12, 2013
In one of my client location I have deployed one Cisco 3560X (core switch) and one SG-200-18 (access switch). I’ve configured three vlans (vlan 2, vlan 3 and management vlan 1), relevant trunking and I’ve connected two pc to the access switch to vlan 2 and 3 respectively. So far everything (including inter-vlan communication) works fine, except that I couldn’t reach the vlan 1 (management vlan) devices (access switch and core switch) from any pc which is connected to either vlan 2 or 3.
I’ve configured the “port VLAN membership” settings in SG-300 as follows,
Interface mode Administrative vlans Operational vlans
GE 2 Access 2UP
[Code].....
View 4 Replies
View Related
Jun 9, 2010
Just got a new SGE2010P layer 3 switch. I'm trying to configure Vlan to reach a few subnet. I have the original 192.168.1.0/24 as vlan1. I want to reach our WiFi subnet 192.168.10.0/24. The WIFI router is directly connected. It's new for me as the previous Job i was sorking with a ws-3750-48.
i did from console change my switch to layer 3 mode... ( i want it as the DGW for each Vlan)from the web interface, i create a vlan4 for our WIFI Next i go to ipv4 to add an IP address to vlan 4 like 192.168.10.254 /24 As soon as I apply the IP the switch stop responding, Ping request time out.. i need to reboot the switch..
View 2 Replies
View Related
Jul 31, 2011
We use Cisco Any connect with a Cisco ASA 5520 firewall. Today I changed the inside interface of the firewall's IP because i needed to do some inter vlan routing and needed to move the inside interface from the lan vlan to a routed port on our 3750.
Now people can vpn and authenticate to the MS radius inside but cannot access any network resources nor ping anything inside.
View 1 Replies
View Related
Jul 26, 2010
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology. I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs.
ROUTER CONFIG:
ciscoasa#ciscoasa# show run: Saved:ASA Version 8.3(1)!hostname ciscoasadomain-name nullenable password ###### encryptedpasswd ###### encryptednamesdns-guard!interface GigabitEthernet0/0no nameifno security-levelno ip address!interface GigabitEthernet0/1no nameifsecurity-level 100ip address 10.10.1.1 255.255.255.0!interface GigabitEthernet0/1.10vlan 10nameif vlan10security-level 100ip address 10.10.10.1 255.255.255.0!interface GigabitEthernet0/1.20vlan 20nameif vlan20security-level 100ip address 10.10.20.1 255.255.255.0!interface GigabitEthernet0/1.30vlan 30nameif vlan30security-level 100ip address 10.10.30.1 255.255.255.0!interface GigabitEthernet0/2shutdownno nameifno security-levelno ip address!interface
[code]....
View 30 Replies
View Related
Nov 24, 2011
I have ASA 5520 and SSM-10 module. During copy between vlans, connected to gigabit port of asa the speed is up to 6,5 Mbyte/sec. Network cards and trunked switch are gigabit. I've temporarily disabled SSM but it didn't work. Here is my config. Also I found out, that putting SSM into bypass mode solves the problem. But I don't send any traffic to IPS. [code]
View 2 Replies
View Related
Jan 10, 2012
Between our hosting and a customer we have an extended vlan, traveling on a fiber, between two cisco 3560 switches.The thing is, that we want to create one or more vlans inside that extended vlan, in some way if possible?
View 3 Replies
View Related
