Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
289
Views
0
Helpful
6
Replies

VLANs cannot access internet

Koffman
Level 1
Level 1

‎04-22-2024 11:01 AM

Dear all,

I am configuring a network cfomposed of 4 VLANs with the following devices:

- NetGate 6100 Firewall

- A Cisco 2951 Router

- Ciscon 2960 Switch

VLANs and DHCP were configured on the 2951 router.

Note that NAT function is handled by the Firewall.

After the config of router and switch, PCs in every VLAN cannot access internet but can talk to each other.

IP address for the Firewall is 192.168.2.1

Please, assist me to solve this.

Thank you.

 

Labels:
0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎04-22-2024 11:20 AM 

 assist me to solve this.

To solve this you need to post diagram and the configuration of the devices.

ping and tracepath is the best tools investigate ?

None of the VLAN working for Internet ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Koffman
Level 1
Level 1
In response to balaji.bandi

‎04-22-2024 12:04 PM

Hello,
Thank you for responding. I attached the config for both R01 and Sw01
0 Helpful

Koffman
Level 1
Level 1
In response to Koffman

‎04-23-2024 02:07 AM

Here are the configs.

 

Preview file
2 KB
Preview file
2 KB
0 Helpful

Georg Pauwen
VIP
VIP
In response to Koffman

‎04-23-2024 02:15 AM

Hello,

what is the purpose of the Vlan interfaces on the switch ? You have not posted the entire switch configuration, so it is difficult to see if this is a layer 3 switch. What is the default gateway your clients are using ?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Georg Pauwen

‎04-24-2024 08:57 AM

I have looked at the router config and am puzzled. It shows an interface with a /30 mask and comment that it connects to switch which suggests that it is a routed link to the switch. But then there are a bunch of /24 subinterfaces which suggest that the interface is a trunk connecting to the switch. Can you clarify the environment. 

I note that the router does have what appears to be an appropriate default route, so it is not surprising that devices on the inside networks can communicate with each other. If those devices are not able to communicate with Internet I can think of 2 things that could cause this symptom:

1) perhaps there is some routing issue on the firewall and it does not recognize the inside networks.

2) I think it more likely that the issue is that the firewall is not correctly doing address translation for the inside networks.

Investigating either of these will take insight into the configuration of the firewall.

HTH

Rick
0 Helpful

Aref Alsouqi
VIP
VIP

‎04-23-2024 02:06 AM - edited ‎04-23-2024 02:07 AM

I don't seem to find the attached configs, but anyway, I would start testing the connectivity to the firewall. From the PCs you can try to ping the firewall interface that is connected to the router, if that shouldn't succeed then the issue would most likely be related to routing, maybe the firewall doesn't know how to get back to the internal VLANs subnets. However, if that should succeed I would try to ping the ISP device, if that should fail probably the issue would be related to NAT, maybe the internal traffic is not being NAT as it should.

0 Helpful
Customers Also Viewed These Support Documents