Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
216
Views
0
Helpful
1
Replies

Directly Connected Networks... Why can't I get to IPs on different Switches but in a common subnet???

andy roles
Level 1
Level 1

‎10-14-2014 04:57 AM - edited ‎03-07-2019 09:06 PM

 

Hi,

I've set up a pair of switches in a DMZ type environment that hangs off of our DMZ firewall.

The firewall has a static route to the supernet hosted on the switches via switch interface 10.1.191.12

   The static route is:  10.1.160.0 /19  via 10.1.191.12

   The firewall has the local interface address 10.1.191.11 /28

   Switches 01 and 02 have a floating HSRP address of 10.1.191.12 /28

   Switch 01 has a vlan interface address of 10.1.191.13 /28

   Switch 02 has a vlan interface address of 10.1.191.14 /28

 

The firewall is completely open at the moment.  From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I can happily ping all the addresses mentioned above.  i.e. From my desktop (IP 10.0.33.50) I can ping 10.1.191.11, 12, 13, 14.

 

 

I've also configured another network across the switch pair:  10.1.160.0 /24

This network has a VLAN interface set up on each switch as follows:

   Switch 01 has a vlan interface address of 10.1.160.251 /24

   Switch 02 has a vlan interface address of 10.1.160.252 /24

 

From each switch I can ping the 10.1.160.25x address thus subnet connectivity is fine across the two switches.

From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I can happily ping the 10.1.160.251 address.

 

NOW the Problem....

From my desktop on the other side of the firewall from the 10.1.160.0 /19 network I CAN NOT ping the 10.1.160.252 address.

i.e. I can only ping IP addresses hosted by the switch that the next hop for the firewall points to (i.e. 10.1.191.12)

 

I don't understand why I can only ping IP addresses on other subnets when the IP address is local to the switch that is hosting the next hop IP that the firewall is set to use!!

 

Please can somebody explain what the problem is here!?

 

* Please let me know if further clarification is required on this question!!?

 

 

 

 

Labels:
0 Helpful
1 Reply 1

andy roles
Level 1
Level 1

‎10-27-2014 12:41 PM

Hi,

 

Just thought I'd update this as I figured out what the problem was.

 

I was using a default route instead of a static route to get back to the internal company network via the firewall.  As soon as I put a static route on instead and enabled IP routing the routing started to work fine for all subnets this side of the firewall.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card