02-21-2013 10:37 PM - edited 03-04-2019 07:06 PM
Dear Colleagues
Please help me with the problem below.
I am trying to introduce a BG router (Cisco 1841) before the ISP FW (FW-BG-ISP).
After doing that and adding the necessary routes, all services are working fine,
but there are two servers which are not able to connect.
Both these servers have public IP addresses,
and there is a Cisco 3750 switch between the servers and the FW.
Please check the diagram, and let me know if you need more information from any of the devices, like show run or routes etc.
I have invested a lot of time but could not find the problem.
I have a Wireshark capture from the switch interface, if it may be helpful.
Please note I have amended the IPs (public IPs); these are not the actual ones.
02-27-2013 05:29 PM
Hello Abhishek.
I understand that you're facing a connectivity problem, from the server connected behind the 3750 upstream to the internet.
May I ask:
1- Who is the default gateway for those servers?
2- Are they able to ping their default gateway?
3- Is the default gateway able to go to the internet?
4- If the default gateway is the 3750, can you span the SVI doing routing for the servers?
5- If the default gateway is the 1841, can you configure an access-list to see if there are hit counts outgoing?
6- Also please attach the topology diagram again; it appears to be corrupted or something, I can't download it.
Regards.
Wilson
03-02-2013 01:05 AM
Thanks Wilson for picking this up.
I am attaching the diagram again.
Unfortunately I don't have access to these servers, so I need to wait till I get the interface config details.
Can you please elaborate more on span SVI on the 3750? How do I do it?
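Steps 4 and 5 of Wilson's list, and the SPAN question above, written out as an added example that is not part of any post in this thread. It uses the amended addresses posted later in the thread; the capture port GigabitEthernet1/0/20, the 1841 interface names FastEthernet0/0 and FastEthernet0/1, and the ACL name SRV-TRACE are assumptions.

```ios
! --- On the 3750 (middle-switch): mirror the server VLAN to a capture port ---
! Assumption: Gi1/0/20 is a free port with the Wireshark PC attached.
monitor session 1 source vlan 30 both
monitor session 1 destination interface GigabitEthernet1/0/20
!
! Server2 sits on a routed port, not in VLAN 30. A session cannot mix
! source VLANs and source ports, so mirror it with a second session
! (which needs its own destination port), or reuse session 1 after
! removing it with "no monitor session 1":
!   monitor session 2 source interface GigabitEthernet1/0/16 both
!
! Verify, and remove when finished:
!   show monitor session 1
!   no monitor session 1
!
! --- On the 1841 (BG router): count packets per direction, drop nothing ---
ip access-list extended SRV-TRACE
 remark server1 subnet 87.24.18.96/28
 permit ip 87.24.18.96 0.0.0.15 any
 permit ip any 87.24.18.96 0.0.0.15
 remark server2 subnet 37.41.91.0/27
 permit ip 37.41.91.0 0.0.0.31 any
 permit ip any 37.41.91.0 0.0.0.31
 remark everything else passes untouched
 permit ip any any
!
! Assumption: Fa0/0 faces the PIX, Fa0/1 faces the ISP.
! An interface holds one inbound ACL; if one is already applied,
! add these entries to it instead of replacing it.
interface FastEthernet0/0
 ip access-group SRV-TRACE in
interface FastEthernet0/1
 ip access-group SRV-TRACE in
!
! Read the counters, reset them between tests:
!   show ip access-lists SRV-TRACE
!   clear ip access-list counters SRV-TRACE
```

Matches on the source-subnet entries are packets leaving the servers; matches on the destination-subnet entries are replies arriving for them, so a counter that stays at zero shows which direction stops at this hop.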
03-02-2013 03:20 PM
Hello Abhishek.
I was able to open the zip file and check the topology diagram, but I'm missing the information I requested before.
Post this information:
From the server:
What vlan is the server in?
Who is the default gateway of those two servers?
From the 3750
Is the 3750 acting as a layer 3 switch?
What are the two interfaces connecting the 3750 to the servers and how are they configured?
What is the upstream interface connected to CISCOPIX, and how is it configured?
From the PIX525
Send the show version
Send the show run
From the BG router.
Send the show run.
Put all those outputs in a notepad file and attach it to the post. I will look at it as soon as I have access to that information and let you know my findings.
Regards
Wilson B.
03-04-2013 03:50 AM
Hi Wilson
I have uploaded my reply.
A few are as below.
Please note that I need to change the IP addresses to hide the identity,
and need to modify the sh run of the PIX and the sh run of the BG, due to policy; I hope you understand.
So if you do not get the information you are looking for, then please let me know.
Thanks
What vlan is the server in?
interface Vlan30
description server1
ip address 87.24.18.97 255.255.255.240
end
!
interface GigabitEthernet1/0/16
description beta port server2
no switchport
ip address 37.41.91.1 255.255.255.224
speed 100
end
Who is the default gateway of those two servers?
Not sure, there is VPN connectivity; still, please wait, I am trying to collect it.
From the 3750
Is the 3750 acting as a layer 3 switch.
> yes
What are the two interfaces connected the 3750 to the servers and how are they configured?
>
!
interface GigabitEthernet1/0/14
description alpha port server1
switchport access vlan 30
switchport mode access
speed 100
end
interface Vlan30
description server1
ip address 87.24.18.97 255.255.255.240
end
Current configuration : 120 bytes
!
interface GigabitEthernet1/0/12
description pix connectivity
switchport access vlan 40
speed 100
duplex full
end
middle-switch#sh run int vlan 40
Building configuration...
Current configuration : 82 bytes
!
interface Vlan40
description pix
ip address 10.200.165.4 255.255.255.192
end
What is the upstream interfaces connected to CISCOPIX? and how is it configured?
name 10.200.165.1 corporate_int
interface Ethernet4
speed 100
duplex full
nameif cpt
security-level 50
ip address corporate_int 255.255.255.192
!
From the PIX525
Send the show version
GPRS-PIX# sh ver
Cisco PIX Security Appliance Software Version 8.0(4)
Device Manager Version 6.1(5)51
Compiled on Thu 07-Aug-08 19:42 by builders
System image file is "flash:/pix804.bin"
Config file at boot was "startup-config"
GPRS-PIX up 10 days 6 hours
Hardware: PIX-525, 256 MB RAM, CPU Pentium III 600 MHz
Flash E28F128J3 @ 0xfff00000, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
Encryption hardware device : VAC+ (Crypto5823 revision 0x1)
0: Ext: Ethernet0 : address is 001a.2f35.704e, irq 10
1: Ext: Ethernet1 : address is 001a.2f35.704f, irq 11
2: Ext: Ethernet2 : address is 000f.a3e9.8788, irq 11
3: Ext: Ethernet3 : address is 000f.a3e9.8789, irq 10
4: Ext: Ethernet4 : address is 000f.a3e9.878a, irq 9
5: Ext: Ethernet5 : address is 000f.a3e9.878b, irq 5
6: Ext: GigabitEthernet0 : address is 000e.0cbb.07cb, irq 5
Licensed features for this platform:
Maximum Physical Interfaces : 10
Maximum VLANs : 100
Inside Hosts : Unlimited
Failover : Active/Active
VPN-DES : Enabled
VPN-3DES-AES : Enabled
Cut-through Proxy : Enabled
Guards : Enabled
URL Filtering : Enabled
Security Contexts : 2
GTP/GPRS : Disabled
VPN Peers : Unlimited
This platform has an Unrestricted (UR) license.
Serial Number: 810451377
Running Activation Key: 0x713ec564 0x2c463c6b 0x0ca111d4 0xb6602c44 0x04173283
Configuration has not been modified since last system restart.
Send the show run
03-04-2013 08:35 AM
Hi Wilson
The default gateway for server 1 is the IP address of int VLAN 30, 87.24.18.97.
03-06-2013 09:26 PM
Hi Wilson
Tonight I tried again, and split the access rule in the firewall.
I can see hits coming from the server IP towards the internet,
but no hits coming from the internet to the server IP ranges.
Any clue?
03-02-2013 01:20 AM
Hi,
Please use JPG format; it is corrupted.