04-11-2019 12:36 PM
Cisco Wifi (VLAN30, 172.16.30.254)----Cisco Router(10.10.10.254)----Sonicwall (10.10.10.250)
I have a Cisco wireless AP. I can connect to it with any wireless device. I am getting an IP from the Cisco Router which is giving vlan 30 the subnet 172.16.30.0/24. But I am unable to get further than that.
The Cisco AP can ping out to the Cisco router subnet at 10.10.10.254. The router can ping the Sonicwall at 10.10.10.250. But the wireless subnet cannot ping the Sonicwall and the Sonicwall can't ping the AP 172 subnet.
Any suggestions?
04-11-2019 12:53 PM - edited 04-11-2019 12:56 PM
Hi @ReubenVGonzales ,
Does the router have the two networks learned in its routing table?
Does the Sonicwall device have a path to the AP network?
Do the final devices connected to the AP have the correct gateway?
In the Sonicwall, is the AP network enabled to go out to the internet?
Regards
04-11-2019 01:14 PM
Question #1 - Yes. This is the output of show ip route:
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 7 subnets, 3 masks
C 10.1.1.0/24 is directly connected, Vlan100
L 10.1.1.1/32 is directly connected, Vlan100
C 10.1.10.0/30 is directly connected, Vlan90
S 10.1.10.1/32 is directly connected, Vlan90
L 10.1.10.2/32 is directly connected, Vlan90
C 10.10.10.0/24 is directly connected, Vlan1
L 10.10.10.254/32 is directly connected, Vlan1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.30.0/24 is directly connected, Vlan30
L 172.16.30.254/32 is directly connected, Vlan30
Question #2: Do you mean physical? The router that manages the 172.16.30.0/24 AP network is directly connected to port X0 of the Sonicwall. This is the same interface the 10.10.10.0/24 network is connected to as well. There is an "Any to Any" NAT policy set.
Question #3: Yes. The end points show the correct gateway of 172.16.30.254.
Question #4: I do have an address object for that network and I have created a NAT policy to be allowed access to X1 which is my WAN since this is a guest network only.
04-11-2019 02:13 PM - edited 04-11-2019 02:13 PM
@ReubenVGonzales Hello,
Does your router have a default route defined? "Gateway of last resort is not set"
Does your sonicwall have a route back to this network 172.16.30.0/24?
Does your sonicwall have a rule on LAN allowing this network 172.16.30.0/24? After checking the rule, check the NAT settings.
Thanks in advance.
04-11-2019 02:19 PM
04-11-2019 02:26 PM
Thank you very much. Setting the "gateway of last resort" on the Cisco router AND updating the route policy on the Sonicwall fixed the issues.
04-11-2019 01:03 PM - edited 04-11-2019 01:05 PM
Hello
Is the sonic fw actually aware of the AP subnet? Does it have a route for that subnet to reply to?
I think if you apply debug from the AP or the router's LAN interface to the sonic fw and ping again, you will see the reason in the error codes.
access-list 100 permit ip host 172.16.30.254 host 10.10.10.250
access-list 100 permit ip host 10.10.10.250 host 172.16.30.254
debug ip packet detail 100
debug ip arp
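
The two missing routes behind the accepted fix, shown as a longest-prefix-match simulation (an added example, not part of the thread). The router's connected routes come from the show ip route output above; the SonicWall table, its default route labelled WAN, and the client and internet addresses are assumptions.

```python
import ipaddress

def next_hop(table, dst):
    """Longest-prefix match over {prefix: hop}; None means no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def trace(devices, start, dst):
    """Follow next hops from device `start` toward dst; return (path, outcome)."""
    owners = {ip: name for name, (ip, _) in devices.items()}
    node, path = start, [start]
    for _ in range(8):                      # hop limit guards against loops
        hop = next_hop(devices[node][1], dst)
        if hop is None:
            return path, "dropped: no route on " + node
        if hop == "connected":
            return path, "delivered"
        if hop not in owners:               # leaves the modelled network
            return path, "sent to " + hop
        node = owners[hop]
        path.append(node)
    return path, "loop"

def build(fixed):
    """Route tables before (fixed=False) and after (fixed=True) the change."""
    router = {"10.1.1.0/24": "connected", "10.1.10.0/30": "connected",
              "10.10.10.0/24": "connected", "172.16.30.0/24": "connected"}
    # Assumed SonicWall table: X0 LAN connected, default route out the WAN (X1).
    sonicwall = {"10.10.10.0/24": "connected", "0.0.0.0/0": "WAN"}
    if fixed:
        router["0.0.0.0/0"] = "10.10.10.250"          # gateway of last resort
        sonicwall["172.16.30.0/24"] = "10.10.10.254"  # return route to the guest VLAN
    return {"router": ("10.10.10.254", router),
            "sonicwall": ("10.10.10.250", sonicwall)}

if __name__ == "__main__":
    CLIENT, INTERNET = "172.16.30.10", "203.0.113.10"  # constructed addresses
    for fixed in (False, True):
        net = build(fixed)
        print("fixed" if fixed else "before")
        print("  guest -> internet via router:", trace(net, "router", INTERNET))
        print("  sonicwall reply -> guest:    ", trace(net, "sonicwall", CLIENT))
```

Before the change, the reply toward 172.16.30.0/24 matches only the SonicWall's default route and leaves via the WAN, which is why pings failed in both directions even though each device could reach its directly connected neighbour.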