
Routing Logic mishap

fbeye
Level 4

Hello.

 

I am having some routing issues and I know I am probably not seeing the obvious but here we go.

 

ASA-5508-X

   192.168.1.0

      inside DHCP (192.168.1.1-15)

   192.168.4.0

     server DHCP (192.168.4.177-181)

 

SB550X

   192.168.1.7 (vlan1)

         PBR to 192.168.5.1-15

   10.0.2.124 (vlan 2 (coming from different Router, unimportant))

         PBR to 192.168.16-32

 

The 192.168.4.0 is connecting to a L2 Switch so no routing needed. From that 192.168.4.x I have 192.168.4.180 which resolves back to an outside static IP x.x.x.180.

192.168.4.180 needs to PING 192.168.5.36 but can not seem to do so, and vice versa.

Their "common" connection is the ASA (192.168.4.0 (Subnet that .180 is on) and 192.168.1.0 (Subnet for the 192.168.5.0 via PBR on the SMB)).

On the ASA I have a static route;

inside    192.168.5.0    255.255.255.0    192.168.1.7    1    None

 

So I am unsure how to make 192.168.4.0 PING 192.168.5.0 (which translates through 192.168.1


Good Morning to you both.

 

I will fulfill those requests later when I am able to put more time into it but I think really you hit “the” nail on the head;

 

“Lastly don't forget 192.168.5.16 - 32 will not be able to respond to any traffic from the asa because you have it presumably routing via the office wan”.

 

This may be the major factor, as 192.168.4.179 (Linux Server) routes through the ASA to 192.168.4.1 whereas 192.168.5.16-32 (for example) indeed routes through the Office WAN and not the ASA. Maybe this is why I can ping 192.168.5.1 (SG550X) and not Linux.

Though I’d assume it should (but doesn’t ping) 192.168.5.2 (Windows machine).

As far as ACL there currently are none but was wondering if there should be.

For now maybe that helps.

Hello


 Maybe this is why I can ping 192.168.5.1 (SG550X) and not Linux.

Though I’d assume it should (but doesn’t ping) 192.168.5.2 (Windows machine).


192.168.5.1 is the rtr itself, so I would assume you would be able to reach it, but any host you try to reach in vlan 1 on the 5550 that's included in that PBR policy you won't be able to reach unless the traffic is going to/from that office WAN.

Remove the PBR policies and test the connection again; if it works, then you can implement filtering thereafter.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
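An added illustration of the point in the reply above (not code from anyone in the thread): policy-based routing picks the next hop from the packet's source before the destination routing table is consulted, so a reply from a host covered by the office-WAN policy never heads back toward the ASA. The next-hop labels `asa-inside` and `office-wan`, the two source ranges and the route entries are constructed assumptions, not the actual switch configuration.

```python
import ipaddress

# Constructed model of the switch; every value below is an assumption
# made for illustration, not taken from a real configuration.
PBR_RULES = [  # (first source, last source, forced next hop)
    ("192.168.5.1", "192.168.5.15", "asa-inside"),
    ("192.168.5.16", "192.168.5.32", "office-wan"),
]
ROUTES = [  # ordinary destination-based table: (prefix, next hop)
    ("192.168.4.0/24", "asa-inside"),
    ("0.0.0.0/0", "asa-inside"),
]

def pbr_next_hop(src):
    """Return the next hop forced by PBR for this source, or None."""
    s = ipaddress.ip_address(src)
    for first, last, hop in PBR_RULES:
        if ipaddress.ip_address(first) <= s <= ipaddress.ip_address(last):
            return hop
    return None

def table_next_hop(dst):
    """Longest-prefix match in the destination routing table."""
    d = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), hop) for p, hop in ROUTES]
    matches = [(n, hop) for n, hop in nets if d in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def reply_path(host, peer, pbr_enabled=True):
    """Next hop the switch chooses for a reply from host back to peer."""
    hop = pbr_next_hop(host) if pbr_enabled else None
    # PBR wins when it matches; otherwise the routing table decides.
    return hop or table_next_hop(peer)

if __name__ == "__main__":
    peer = "192.168.4.180"  # server on the ASA side
    for host in ("192.168.5.10", "192.168.5.20"):
        for pbr in (True, False):
            print(host, "PBR on " if pbr else "PBR off",
                  "->", reply_path(host, peer, pbr))
```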

I will indeed rule out the PBRs and see if Linux (4.179) can talk to, ping and even mount NAS (5.36). Thank you.

 

Here is the ASARoute for now...

fbeye
Level 4

Hello.

 

Not trying to throw a curve ball here, but what if:

 

1.) I change the Linux server from 192.168.4.179 to 192.168.5.179, which adds it to the LAN/ vlan 1

     on the SB.

2.) I make GE 0/3 into 192.169.4.179

3.) I make a PBR from 192.168.5.179 to    

     192.168.4.179 (For WAN Access)

4.) There is already NAT from (WAN) IP to

     192.168.4.179 so no other translations                
     needed? 
Could this be a solution?

I would naturally have to do the same for each of the 192.168.4.0 Servers. 

Hello

I would suggest just removing the PBR for now and testing whether that works, which, based on what you have shared already, it should. Then we can proceed to tie the network down and introduce your PBR again. You need basic connectivity before administering and adding complexity to a network.



Kind Regards
Paul