Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
478
Views
0
Helpful
4
Replies

Firewall VLAN issue

Go to solution
ohareka70
Level 3
Level 3

‎10-28-2015 12:46 PM - edited ‎03-11-2019 11:48 PM

Hello,

I have a server vlan 10.4.x.x with over 200 servers but i wanted one application in its own vlan.  So i created vlan 10.17.x.x 

The servers are now seperated by a firewall

i moved a first test server across and put in the firewall rules on the cisco asa 

# NO problems at all - the 10.4.x.x. server can ping the 10.17.x.x server 

so i moved a second test server and put it into the same rule but the 10.4.x.x servers cant see it

The firewall can ping test server 1 but not the second test server 

the bit i have no control over is:

server team looks after the servers on both 10.4.x.x. and 10.17.x.x networks - i just provide the network and firewall infrastructure

they say that test server 2 is pinging ok on the box

test server 1 cant see test server 2 even though they are on the same subnet

- only thing i can think of is that test server 1 and test server 2 might be sitting on different chassis but still both on the same 10.4.x.x network

any ideas are welcome

regards,

Kevin

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ohareka70

‎10-28-2015 01:26 PM

And test server 1 cannot ping 2 or 3 ?

If so it comes back to what I said before

If you cannot ping within the same vlan then is not usually a firewall problem because traffic only goes to the firewall for destination IPs in different subnets.

Assuming the IP address, subnet mask information is consistent it sounds like a vlan issue.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎10-28-2015 01:03 PM

Kevin

What do the server team mean when they say test server 2 is pinging ok on the box.

If you cannot ping between the test servers then rather than concentrate on the firewall can you -

1) verify the servers are both allocated into your new vlan

2) verify they are in the same IP subnet with the same subnet mask.

Also check the default gateways although this should not stop ping between the servers.

Jon

0 Helpful

Go to solution
ohareka70
Level 3
Level 3
In response to Jon Marshall

‎10-28-2015 01:20 PM

Jon,

Both servers are virtual machines sitting in a Dell Chassis.  The can login to test server 2 (and also test server 3) and they are up and can ping themselves ok.  Test server 2 & 3 can ping each other because they are on the same chassis

test server 1 is working ok via the firewall to the corporate network but it cant see the two new servers even though all 3 are on the same subnet and have their own vlan on the firewall interface

thanks

Kevin

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame
In response to ohareka70

‎10-28-2015 01:26 PM

And test server 1 cannot ping 2 or 3 ?

If so it comes back to what I said before

If you cannot ping within the same vlan then is not usually a firewall problem because traffic only goes to the firewall for destination IPs in different subnets.

Assuming the IP address, subnet mask information is consistent it sounds like a vlan issue.

Jon

0 Helpful

Go to solution
ohareka70
Level 3
Level 3
In response to Jon Marshall

‎10-29-2015 09:28 AM

Got it sorted.  One of the Corporate routers was missing the subnet for the new vlan which sits on the cisco firewall interface. 

Its working fine now

thanks

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card