It looks your router doesnt have a route to 20.X.X.X .define a route for the 20.X.X.X network in your router via the 10.0.0.2 .

vlan 2

10.x.x.2

vlan 3

20.x.x.2

i have route from 10.x.x.1 (fw) point to 10.x.x.2 for the 20.x.x.x network.

I have not tried a routing protocol.

but the above should do the job ?

Any suggestions? or is it anything to do with the IOS ?

Hi,

you can get this to work without a routing protocol, if you ensure that:

- hosts on the 30.x.x.x network have a default route pointing towards 30.x.x.1

- firewall 30.x.x.1 has a route for 20.x.x.0 via 10.1.1.2

- ip routing is enabled on the 3550

- hosts on the 20.x.x.x network have a route to 30.x.x.x

The latter can be accomplished in a few different ways. If the host you're trying to reach from 30.x.x.x is on the same segment as the VLAN3 interface (i.e. in the 20.x.x.x range), then that host's default gatweway should point to 20.x.x.2.

If the hosts you're trying to reach from 30.x.x.x is behind 20.x.x.1, then you'll need to make sure that that host's default gateway points to the ip addres of (presumably) the firewall.

Finally, you'll have to make sure that the firewall's policies permit traffic between these networks.

Maybe you could show us a traceroute and some more debug info, if this doesn't help?