Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
333
Views
0
Helpful
3
Replies

VLAN Routing

andyhsu
Level 1
Level 1

‎12-04-2002 08:12 PM - edited ‎03-02-2019 03:23 AM

Hello,

I have a Catayst 3550 with EMI that I created two VLANs on.

VLAN 1: 10.4.4.0/24

VLAN 2: 10.5.5.0/24

After routing was enabled, I was able to send packets between VLANs with no problems. I have a PIX 506E that acts as my gateway (and is connected to a port in VLAN 1), which does NAT to a real IP on the outside interface that shares a /29 with my gateway router. The issue I have now is that I can't access the Internet from other VLANs with this setup. All hosts on VLAN 1 with the VLAN interface IP set as their gateway have no problems going out (I've also configured a default route on the switch to forward packets toward the PIX internal interface). Other than enabling NAT on the switch (which I don't think it supports), how would I be able to provide internet access to hosts residing on other VLANs? Put another way, is there anything I can do with my existing hardware, or will I require something extra?

Thanks in advance for any help (any tutorial links would also be appreciated),

Andy Hsu

Current setup:

(10.4.4.2) (10.4.4.1) (Real IP) (Real IP)

|VLAN 1|--------------------------|PIX 506E|---------------|Cisco 2621|-----|Internet|

|Catalyst 3550 - EMI|

|VLAN 2|

(10.5.5.1)

|

|

|Host| (10.5.5.100) <---Can't access Internet

Labels:
0 Helpful
3 Replies 3

milan.kulik
Level 10
Level 10

‎12-05-2002 12:36 AM

Have you tried to traceroute from VLAN2 to Internet? Where does it stop?

According to your description I'd guess there is something wrong with your NAT.

How does it look like? Is it translating IP addresses from VLAN2?

Regards,

Milan

0 Helpful

andyhsu
Level 1
Level 1
In response to milan.kulik

‎12-05-2002 06:45 PM

Thanks for the advice. The fix was actually very easy. The problem stemmed from the fact that there was no route from the PIX back to VLAN 2. The data was able to go out, but didn't know where to go after it came back in. I simply added a static route to the PIX, and everything was fine after that.

--Andy

0 Helpful

sachin
Level 1
Level 1

‎12-05-2002 04:21 AM

Check whether NATing is enable for VLAN 2 subnet on PIX.

I am assuming that you are having internal router for inter VLAN routing so define route for subnet (VLAN 2) on PIX pointing internal router ( which knows both the VLAN)

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card