Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
4
Replies

interVLAN routing and a routed port configuration

Go to solution
kmigmar805
Level 1
Level 1

‎07-08-2012 04:49 AM - edited ‎03-07-2019 07:39 AM

Dear Experts,

Could anyone give directions on how to configure traffic flow between  computers inside VLANs and a routed port?

Here is the setup details:

1. Switch 3750-X

2. VLAN 100 - ( SVI IP address 192.168.100.1 /24)

3. VLAN 200 - ( SVI IP address 192.168.200.1 /24)

4. routed port gi1/0/48 (IP address 192.168.150.1 /24). Note: this port is directly connected to a firewall ASA 5520 port IP 192.168.150.100 /24

Ip routing is enabled on the switch and inter vlan traffic is flowing ok. I can ping the routed port

gi1/0/48 from  any computer connected in the VLAN 100 or 200. For example computer with IP 192.168.100.25 can ping the routed port 192.168.150.1.

Switch can ping firewall port 192.168.150.100 and the 'sh ip route' command shows the network 192.168.150.0 /24 as directly connected network.

Problem:

any computer in the two VLANs CANNOT ping firewall ASA port 192.168.150.100   Is it because inter VLAN routing does not work with a routed port on L3 switch? I looked up fallback bridging, but it is meant for non IP traffic.

The goal is I am trying to set the ASA port as an internet gateway for VLANs. 

Thank you very much!

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-08-2012 04:55 AM

It sounds like you need to put static routes on the ASA pointing to the routed port for vlans 100 and 200. If the computers in those vlans can ping the routed port, then routing is working correctly within the switch but the ASA needs to know how to get back to those vlans. Try adding:

route inside 192.168.100.0 255.255.255.0 192.168.150.1

route inside 192.168.200.0 255.255.255.0 192.168.150.1

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to John Blakley

‎07-08-2012 05:04 AM

Also gateway IP should be pointed to firewall IP then only this will work....

View solution in original post

0 Helpful
4 Replies 4

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎07-08-2012 04:55 AM

It sounds like you need to put static routes on the ASA pointing to the routed port for vlans 100 and 200. If the computers in those vlans can ping the routed port, then routing is working correctly within the switch but the ASA needs to know how to get back to those vlans. Try adding:

route inside 192.168.100.0 255.255.255.0 192.168.150.1

route inside 192.168.200.0 255.255.255.0 192.168.150.1

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
nkarthikeyan
Level 7
Level 7
In response to John Blakley

‎07-08-2012 05:04 AM

Also gateway IP should be pointed to firewall IP then only this will work....

0 Helpful

Go to solution
kmigmar805
Level 1
Level 1
In response to John Blakley

‎07-08-2012 05:04 PM

Mr. John Blakley,

Thank you so much!!! Your advice was spot on.

It all worked when the static route was added to the firewall. Thank you!

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to kmigmar805

‎07-08-2012 05:29 PM

That's great to hear!

HTH, John *** Please rate all useful posts ***
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card