Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1256
Views
0
Helpful
7
Replies

Cisco to Firewall Problem

unleashed333
Level 1
Level 1

‎06-19-2013 09:31 AM - edited ‎03-04-2019 08:15 PM

Dear All

Image is Attached.

Access Switch 2960 --->Core Switch 3750----> SonicWall 4500----->ACCESS Switch(vlan 1)

Access  switch with vlan 90 is directly connected to gig0/12 (routed port of  3750) and FA0 of 3750 is connected to Firewall X3(192.168.80.1) and  Firewall is connected to two others switch with default vlan 1.

3750 is able to ping vlan 1 ip (192.168.1.X)

3750 has static route to vlan 1

3750 is able to ping 192.168.90.X (vlan 90)

firewall is able to ping vlan 1 ip

firewall is able to ping 3750

firewall is unable to ping vlan 90 .

Firewall has route to 192.168.90.X network.

Access switch is unable to ping firewall IP and VLAN 1 (192.168.1.X)

Please find the attached image and let me know where i am lacking.

Labels:
Preview file
60 KB
0 Helpful
7 Replies 7

Jan Rolny
Level 3
Level 3

‎06-19-2013 10:18 AM

Hello,

seems that firewall do not know 192.168.90.x network.

Has your Access switch on VLAN90 defined default route to 3750?

Can you post sh ip route of  3750 and 2960 switches?

Also in your post is probably typo, so I want jut to verify if it is correct. You say that one interface is gig0/12 and second is FA0 on 3750 switch? Why FA0?

Best Regards,

Jan

0 Helpful

unleashed333
Level 1
Level 1
In response to Jan Rolny

‎06-20-2013 11:26 PM

It was mistaknely typed FA0

Output of 3750

Gateway of last resort is not set

S    192.168.1.0/24 [1/0] via 192.168.80.1

C    192.168.80.0/24 is directly connected, FastEthernet0/1

C    192.168.90.0/24 is directly connected, FastEthernet0/0

Firewall route

- Source = Any

- Under Destination = specify Create New Address Object.

    Enter a name for the static route.

    Specify the Zone Assignment as LAN.

    Specify the Type as Network.

    Specify the IP Address 192.168.90.0.

    Specify the Netmask 255.255.255.0

    Click OK.

- Service = Any

- Under Gateway = specify Create New Address Object.

    Enter a name for the local router.

    Specify the Zone Assignment as LAN.

    Specify the Type as Host.

    Specify the IP Address 192.168.80.2

    Click OK.

- Specify the interface as LAN.

- Specify the metric as 1.

0 Helpful

unleashed333
Level 1
Level 1
In response to Jan Rolny

‎06-22-2013 12:00 AM

Dear All

I made some changes

attached is the Config  of 3750

3750-SWITCH(config)#do sh run
Building configuration...

Current configuration : 1625 bytes
!
! Last configuration change at 00:37:29 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3750-SWITCH
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
switch 1 provision ws-c3750x-12s
system mtu routing 1500
ip routing
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface FastEthernet0
ip address 192.168.80.2 255.255.255.0
no ip route-cache cef
no ip route-cache
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.90.1 255.255.255.0
ip helper-address 192.168.80.1
!
ip default-gateway 192.168.80.1
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.80.1
ip route 192.168.80.0 255.255.255.0 FastEthernet0
!
logging esm config
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

S*    0.0.0.0/0 [1/0] via 192.168.80.1

      192.168.80.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.80.0/24 is directly connected, FastEthernet0

L        192.168.80.2/32 is directly connected, FastEthernet0

      192.168.90.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.90.0/24 is directly connected, Vlan1

L        192.168.90.1/32 is directly connected, Vlan1

config of 2960

2960-ACCESS#show run
Building configuration...

Current configuration : 2420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960-ACCESS
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
switchport mode trunk
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 192.168.90.3 255.255.255.0
!
ip default-gateway 192.168.90.1
ip http server
ip http secure-server
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

2960-ACCESS#show run
Building configuration...

Current configuration : 2420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960-ACCESS
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
switchport mode trunk
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 192.168.90.3 255.255.255.0
!
ip default-gateway 192.168.90.1
ip http server
ip http secure-server
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

0 Helpful

Abzal
Level 7
Level 7

‎06-19-2013 09:42 PM

Hi,

1. Check if PC connected port on switch on VLAN 90.

2. Check if PC has default GW as IP 192.168.90.1

3. Configure on access switch in VLAN 90

ip default-gateway 192.168.90.1

and on second access switch:

ip default-gateway 192.168.1.1

And how did you test this "firewall unable to ping VLAN 90"?

Hope it will help.

Best regards,
Abzal

Best regards,
Abzal
0 Helpful

unleashed333
Level 1
Level 1
In response to Abzal

‎06-20-2013 11:29 PM

Dear Abzal

PC is pinging 192.168.90.1(gateway) and 192.168.80.2(3750X IP) but not 192.168.80.1(firewall IP),

under system/disgnostic there is ping option in firewall .firewall is pinging 192.168.80.2 but not VLAN 90(192.168.90.X)

0 Helpful

Jan Rolny
Level 3
Level 3
In response to unleashed333

‎06-21-2013 04:41 AM

Hi,

what about acess list applied on FW? Probably your firewall deny ping from outside by default.

Are you able list route table from FW?

Jan

0 Helpful

unleashed333
Level 1
Level 1
In response to Jan Rolny

‎06-22-2013 10:50 PM

Dear All

I made some changes

attached is the Config  of 3750

3750-SWITCH(config)#do sh run
Building configuration...

Current configuration : 1625 bytes
!
! Last configuration change at 00:37:29 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3750-SWITCH
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
switch 1 provision ws-c3750x-12s
system mtu routing 1500
ip routing
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
interface FastEthernet0
ip address 192.168.80.2 255.255.255.0
no ip route-cache cef
no ip route-cache
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 192.168.90.1 255.255.255.0
ip helper-address 192.168.80.1
!
ip default-gateway 192.168.80.1
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.80.1
ip route 192.168.80.0 255.255.255.0 FastEthernet0
!
logging esm config
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

S*    0.0.0.0/0 [1/0] via 192.168.80.1

      192.168.80.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.80.0/24 is directly connected, FastEthernet0

L        192.168.80.2/32 is directly connected, FastEthernet0

      192.168.90.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.90.0/24 is directly connected, Vlan1

L        192.168.90.1/32 is directly connected, Vlan1

config of 2960

2960-ACCESS#show run
Building configuration...

Current configuration : 2420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960-ACCESS
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
switchport mode trunk
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 192.168.90.3 255.255.255.0
!
ip default-gateway 192.168.90.1
ip http server
ip http secure-server
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

2960-ACCESS#show run
Building configuration...

Current configuration : 2420 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2960-ACCESS
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c2960s-48lps-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/0/49
switchport mode trunk
!
interface GigabitEthernet1/0/50
!
interface GigabitEthernet1/0/51
!
interface GigabitEthernet1/0/52
!
interface Vlan1
ip address 192.168.90.3 255.255.255.0
!
ip default-gateway 192.168.90.1
ip http server
ip http secure-server
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card