Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1375
Views
0
Helpful
3
Replies

Unable to connect to DMZ and WAN via LAN

Go to solution
HadiBeheshti
Level 1
Level 1

‎01-31-2021 11:14 AM

Hi, I have a 3750 switch and three 2960 switches and a Kerio firewall.
IP range of 2960 switches: 10.10.31.0/24, 10.10.32.0/24, 10.10.41.0/24
DMZ IP Range: 10.10.10.0/24
LAN IP Range: 10.10.12.0/24
WAN IP Range: 180.140.32.0/24
IP Kerio: 10.10.10.2
Computers on the LAN can see each other. But they do not have access to the server. And do not see DMZ and WAN.
I defined a VLan for DMZ and a separate VLan for LAN.And a VLan for each of the 2960 switches that give devices IP through DHCP.
Thanks for pointing me to how I can modify the code.
I attached the code I used below.

3750 :

enable
configure terminal
hostname SW-Core
ip default-gateway 10.10.10.2
ip domain-name ********
vtp mode server
vtp domain ********
vtp version 2
vtp pruning
enable secret ********
line vty 0 15
password ********
login
exit
line console 0
password ********
login
exit
VLan 10
name DMZ
exit
VLan 12
name CORE
exit
VLan 31
name F3N
exit
VLan 32
name F3S
exit
VLan 41
name F4N
exit
interface vlan 10
ip address 10.10.10.11 255.255.255.0
no shutdown
exit
interface vlan 12
ip address 10.10.12.1 255.255.255.0
no shutdown
exit
interface vlan 31
ip address 10.10.31.1 255.255.255.0
no shutdown
exit
interface vlan 32
ip address 10.10.32.1 255.255.255.0
no shutdown
exit
interface vlan 41
ip address 10.10.41.1 255.255.255.0
no shutdown
interface range gigabitEthernet 1/0/1-6
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 1-99
no shutdown
exit
interface range gigabitEthernet 1/0/7-9
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range gigabitEthernet 1/0/10-12
switchport mode access
switchport access vlan 12
no shutdown
exit
interface range gigabitEthernet 1/0/13-28
shutdown
exit
ip dhcp pool DMZ
network 10.10.10.0 255.255.255.0
default-router 10.10.10.11
dns-server 10.10.10.2
lease 8
exit
ip dhcp pool CORE
network 10.10.12.0 255.255.255.0
default-router 10.10.12.1
dns-server 10.10.10.10
lease 8
exit
ip dhcp pool F3N
network 10.10.31.0 255.255.255.0
default-router 10.10.31.1
dns-server 10.10.10.10
lease 8
exit
ip dhcp pool F3S
network 10.10.32.0 255.255.255.0
default-router 10.10.32.1
dns-server 10.10.10.10
lease 8
exit
ip dhcp pool F4N
network 10.10.41.0 255.255.255.0
default-router 10.10.41.1
dns-server 10.10.10.10
lease 8
exit
ip routing
ip dhcp excluded-address 10.10.10.1 10.10.10.12
ip dhcp excluded-address 10.10.12.1 10.10.12.10
ip dhcp excluded-address 10.10.31.1 10.10.31.10
ip dhcp excluded-address 10.10.32.1 10.10.32.10
ip dhcp excluded-address 10.10.41.1 10.10.41.10
exit
write

2960 :

enable
configure terminal
hostname SW-F3N
vtp mode client
vtp domain ********
ip default-gateway 10.10.31.1
enable secret ********
line vty 0 15
password ********
login
exit
line console 0
password ********
login
exit
interface gigabitEthernet 0/24
switchport mode trunk
no shutdown
exit
interface range gigabitEthernet 0/21-23
shutdown
exit
interface range gigabitEthernet 0/1-20
switchport mode access
switchport access vlan 31
no shutdown
exit
interface vlan 1
no ip address
shutdown
exit
interface vlan 31
ip address 10.10.31.2 255.255.255.0
no shutdown
exit
exit
write

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎02-01-2021 10:26 PM - edited ‎02-01-2021 10:45 PM

Hello
On the 3750 you don’t have a default route to your FW, which you will require when ip routing is enabled, the default-gateway isn’t applicable in this case.
ip route 0.0.0.0 0.0.0.0 vlan 10 10.10.10.2

Lasty does the Fw have routes back towards the lan subnets?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Martin Aleksandrov
Cisco Employee
Cisco Employee

‎02-01-2021 07:30 AM

Hi there,

 

Kindly address your question to one of the following spaces https://community.cisco.com/t5/switching/bd-p/6016-discussions-lan-switching-routing since here we mostly handle the Cisco Small Business and Cisco Business product lines related queries.

 

Regards,

Martin

0 Helpful

Go to solution
paul driver
VIP
VIP

‎02-01-2021 10:26 PM - edited ‎02-01-2021 10:45 PM

Hello
On the 3750 you don’t have a default route to your FW, which you will require when ip routing is enabled, the default-gateway isn’t applicable in this case.
ip route 0.0.0.0 0.0.0.0 vlan 10 10.10.10.2

Lasty does the Fw have routes back towards the lan subnets?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
HadiBeheshti
Level 1
Level 1
In response to paul driver

‎02-19-2021 11:35 PM

No how must i do it?!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card