Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1928
Views
0
Helpful
25
Replies

VLANs not communicating to the internet

isoto
Level 1
Level 1

‎08-04-2022 11:28 AM

Hello. I need some help. I just setup a cisco firepower and setup vlans on there. I created the same vlans on the switch, but I cant get vlans to reach out to the internet. The native vlan 1 can, but not any of the others. 

0 Helpful
25 Replies 25

isoto
Level 1
Level 1
In response to IP_Cartel

‎08-04-2022 12:15 PM

That was the screen shot I provided earlier. I can not make a route for the vlans because of the implicit route

2022-08-04 12_14_59-Window.png

0 Helpful

isoto
Level 1
Level 1

‎08-04-2022 11:53 AM

Sorry @Rob Ingram I just saw your response I just change it and am getting the same thing

2022-08-04 11_52_00-Window.png2022-08-04 11_52_47-Window.png

0 Helpful

Rob Ingram
VIP
VIP
In response to isoto

‎08-04-2022 11:58 AM - edited ‎08-04-2022 12:40 PM

@isoto the ping is sourced from the switch from a different VLAN, so it's probably routing the packet using 192.168.1.1 as its next hop, but you've got all of the VLANs defined on the FTD.

If you had a host connected to one of the VLANs on the switch with the default gateway as the FTD's IP address (not the switch SVI) it may well work, assuming NAT and ACP rules are setup correctly.

Or make a routed link between the FTD and the switch, remove the VLANs on the FTD, create static routes on the FTD to the VLAN networks on the switch and assuming the NAT and ACP is configured correctly it would work.

 

0 Helpful

isoto
Level 1
Level 1
In response to Rob Ingram

‎08-04-2022 12:03 PM

The default gateway being the FTD's inside interface correct, 192.168.1.1?

0 Helpful

isoto
Level 1
Level 1
In response to Rob Ingram

‎08-04-2022 12:38 PM

Im going to hope on that and see if it works. 

0 Helpful

isoto
Level 1
Level 1

‎08-04-2022 12:11 PM

Also, if I try to ping the default gateway from vlan 2 I cant reached it

2022-08-04 12_10_26-Window.png

 

 

0 Helpful

IP_Cartel
Level 1
Level 1
In response to isoto

‎08-04-2022 12:12 PM

I think this video will help you.

https://www.youtube.com/watch?v=3cuf2SjH-6A&ab_channel=NetworkingHub

0 Helpful

IP_Cartel
Level 1
Level 1
In response to IP_Cartel

‎08-04-2022 12:16 PM

here is another video.  You want to send traffic back to the switch. ignore the DMZ part.

https://www.youtube.com/watch?v=5K-mHnGoydE&ab_channel=AyoKush

0 Helpful

Marius Gunnerud
VIP
VIP
In response to isoto

‎08-05-2022 05:18 AM

Could you run a packet-tracer on the FTD device and post the output here.  This should give us an indication of where it is being dropped.

packet-tracer input inside tcp 192.168.2.2 12345 8.8.8.8 443 detail

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Aref Alsouqi
VIP
VIP
In response to isoto

‎08-05-2022 08:32 AM

I didn't read all the posts thoroughly so apologies if I missed anything. The issue seems to be related to some wrong config on the link that is connecting the FTD to the switch. Please make sure that link configured as a trunk and all the used VLANs are allowed.

0 Helpful

isoto
Level 1
Level 1

‎08-08-2022 05:53 AM

Thank you everyone for your help. Im going to try to get the users to plug in a host to one of the ports to see if I am just reading to much into the source ping. The setup is remote by over 1000 miles so I cant just plug it in myself.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card