default Gateway For VLans

oosama123 · ‎12-07-2016

hi everyone

this my first time here , hop everyone is doing fine :)

I'll try to be fast ,,, we have here 4 vlans ( vlan46 ,47,48,49) "" ip range = vlan name ""

and l3 switch 4500e (192.168.46.1,) , connected to fire ASA firewall (192.168.46.200)

Now , when any user from vlan 46 ping to firewall it's work fine. but any other vlan it's not pinging.

and the main problem here that we have a DMZ zone at 192.168.18.0,any user at 46 can log in and work , but user from other vlan cannt work

but , if i add this command to their PCs it will work : command prompt -->route add 192.168.18.0\24 192.168.48.200 (this from vlan 48 for ex.)

hope i made my self clean . English is not my first language :)

** already Add : ip route 0.0.0.0 192.168.46.200

and tried also ip route 192.168.18.0\24 192.168.46.200

still when you do tracert 192.168.18.1 ,,,,

it will go to 192.168.48.1 then stuck

but if you do it from vlan 46 :

192.168.46.1

192.168.16.1

enough talking :)

Wesoley · ‎12-07-2016

It appears that the firewall does not have a route to the 16 network. Therefore, verify that the firewall has a route statement to get to the 16 network. If not, add this to your ASA, route (inside interface name) 192.168.47.0 255.255.255.0 192.168.46.1

oosama123 · ‎12-07-2016

first of all thank you for your kind reply , second , am sorry by mistake i put 16 the correct one is 18 Now , when i try to add this command to my ASA it give me error : (config)# route inside1 192.168.18.0 255.255.255.0 192.168.46.1 ERROR: Cannot add route, connected route exists ** If you are in 46 subset everything work fine

Wesoley · ‎12-08-2016

I am sorry, that was my error. On the ASA, add these routes and you should be good.

route inside1 192.168.47.0 255.255.255.0 192.168.46.1

route inside1 192.168.48.0 255.255.255.0 192.168.46.1

route inside1 192.168.49.0 255.255.255.0 192.168.46.1

oosama123 · ‎12-10-2016

still with same error , sorry for late :

ciscoasa(config)# route inside 192.168.49.0 255.255.255.0 192.168.46.1
ERROR: Cannot add route, connected route exists

am trying on ASA,not on 4500 switch

Wesoley · ‎12-11-2016

Can you provide a snapshot of the route table on the ASA? Can you also provide a topology diagram? Where are the VLANs located?

oosama123 · ‎12-18-2016

sorry for late , our topology , all users connected to switch , then there's fiber cable to the core switch , and the core switch connected to ASA5100

:) i don't have diagram.

the problem now we install a printer server and the printers ip are in 46 subnet .

the user inside 48 cann't print.

paul driver · ‎12-12-2016

Hello

So the ASA is performing the inter-vlan routing

Are these clients able reach their D/G, can they reach other vlans?
Can you post the ASA cfg?

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

oosama123 · ‎12-12-2016

yes , ASA is performing the inter-vlan routing

and all user can ping each other inside subsets ( 48 , 49 , 46 )

but only users in 46 can reach 18.0

So i for example for user in 48 i need to put this command in command prompt so they can reach 18

route add 192.168.18.0\24 192.168.48.200

paul driver · ‎12-13-2016

Hello

First of all maybe vlan 46 is allowed ICMP, and the other vlans aren't,

Also I can see a default route pointing to the 192.168.48.200, So the addition of ip route 192.168.18.0 255.255.255.0 192.168.48.200 shouldn't be required

Has someone rightly stated previously does the ASA have routes back for the other subsets in your LAN

eg:
route Inside 192.168.6 255.255.255.0 192.168.48.xx ( ASA Lan facing next hop)

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul