Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
391
Views
0
Helpful
7
Replies

L2 switch default gateway clarification

Go to solution
grapevine
Level 1
Level 1

‎02-06-2025 12:27 AM

I have an L2 switch that has 2 SVIs 172.18.16.51 and 10.145.16.250 with default gateway 172.18.16.1 It's connected to a firewall, firewall has gateway interface 10.145.16.1 and also a meraki and a firewall with gateway 172.18.16.1

If I want to reach 10.145.16.250 from another network (VPN 10.250.1.0) connected to firewall with gateway 10.140.16.1 should the default gateway on switch be changed to 10.145.16.1. I am able to ping the switch from the firewall directly but when I try to reach via VPN from the gateway connected to 10.145.16.1 it says ICMP aged out on the connected Palo Alto firewall. Please advise how to fix this.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Flavio Miranda
VIP
VIP
In response to grapevine

‎02-06-2025 03:24 AM

Then you are good. Just move the gateway 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Flavio Miranda
VIP
VIP

‎02-06-2025 12:38 AM - edited ‎02-06-2025 12:39 AM

@grapevine 

 

If you have 172.18.16.1 as default Gateway on the switch, If you ping the switch from a different network, the switch will sendo the traffic to default-gateway. 172.18.16.1.

Run a trave route from VPN and see where It stops. This can be missing rules on firewall or route missing on the gateway

0 Helpful

Go to solution
grapevine
Level 1
Level 1

‎02-06-2025 01:43 AM

mb1.jpg

0 Helpful

Go to solution
grapevine
Level 1
Level 1

‎02-06-2025 01:45 AM

172.18.16.51 is reachable from VPN gateway 1, 1 need 10.145.16.250 reachable from vpn gateway 2, should  I change the default gateway on the switch to 10.145.16.1

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to grapevine

‎02-06-2025 02:03 AM

If you change the gateway to 10.145.16.1 it might work but you probably will loose access from VPN1 if 10.145.16.1 does not have route to VPN1

0 Helpful

Go to solution
grapevine
Level 1
Level 1

‎02-06-2025 03:13 AM

We are migrating from 172.18 to 10.145 network.so we don't want access to 172. 18. all devices will be moved to 10.145 network 

0 Helpful

Go to solution
Flavio Miranda
VIP
VIP
In response to grapevine

‎02-06-2025 03:24 AM

Then you are good. Just move the gateway 

0 Helpful

Go to solution
Joshqun Ismayilov
Level 1
Level 1

‎02-06-2025 04:13 AM

Hello @grapevine 

Change the Default Gateway to 10.145.16.1 and / configure a Static Route for VPN Traffic #ip route 10.250.1.0 255.255.255.0 10.145.16.1

Ensures that replies to VPN traffic (10.250.1.xx) go through 10.145.16.1 instead of the default gateway

Thanks !

0 Helpful
Customers Also Viewed These Support Documents