
layer 3 implementation and STS issues with SNMP

ed0001
Frequent Visitor

I just configured a layer 3 switch, replacing subinterfaces. It was my first time deploying a layer 3 switch. This was at one of our sites with IKEv2 STS. I have a port that's doing the routing on the switch connected to an ASA. The ASA inside interface was changed to /30, and the previous subnet that was on the inside interface, I moved it to a SVI on the switch. The site to site came up with no problems. Since this is my first time dealing with layer 3 switches, now I can't ping that inside interface (/30) from our main central location, and all my SNMP monitoring from the central site is not working because that inside interface now is not in the VPN group. Also, I can't SSH into the ASA on that /30 subnet from the central site. Anyone run into this problem?


Richard Burts
Hall of Fame

We do not have much detail to work with here but I believe that is enough to allow us to identify the issue and to suggest a solution. The cause of the problem seems to be here:

"the previous subnet that was on the inside interface, I moved it to a SVI on the switch"

So now there is a new subnet (/30) on the interface. And I believe that you have correctly identified the underlying issue:

"because that inside interface now is not in the VPN group"

So there should be a fairly simple solution to this problem, which is to add the new subnet to the VPN group.

HTH

Rick
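
The fix suggested in the reply above, sketched as an ASA configuration. This is an added example, not configuration from either poster. Every object-group name, ACL name and address is a constructed placeholder, and it assumes the "VPN group" is an object-group referenced by the crypto ACL and that the central peer is also an ASA.

```cisco
! ---- Remote-site ASA (constructed placeholder values) ----
! 10.20.10.0/24  = subnet moved to the SVI on the layer 3 switch
! 10.20.255.0/30 = new routed link, ASA inside interface = 10.20.255.1
! 10.1.0.0/16    = central-site networks

object-group network SITE-LOCAL
 network-object 10.20.10.0 255.255.255.0
 ! Entry that was missing: the /30 now holding the inside interface
 network-object 10.20.255.0 255.255.255.252

object-group network CENTRAL-NETS
 network-object 10.1.0.0 255.255.0.0

! Crypto ACL used by the crypto map entry for the IKEv2 tunnel.
! Traffic sourced from the /30 only matches once the group includes it.
access-list VPN-TO-CENTRAL extended permit ip object-group SITE-LOCAL object-group CENTRAL-NETS

! NAT exemption for tunnel traffic. route-lookup matters when the
! destination is the ASA's own inside address.
nat (inside,outside) source static SITE-LOCAL SITE-LOCAL destination static CENTRAL-NETS CENTRAL-NETS no-proxy-arp route-lookup

! Required for ping, SSH and SNMP to the inside interface when the
! request arrives through the tunnel on the outside interface.
management-access inside

! ---- Central-site ASA: the crypto ACL must mirror the remote side ----
object-group network REMOTE-SITE-NETS
 network-object 10.20.10.0 255.255.255.0
 network-object 10.20.255.0 255.255.255.252

access-list VPN-TO-REMOTE extended permit ip object-group CENTRAL-NETS object-group REMOTE-SITE-NETS

! ---- Verification (run on either ASA) ----
! show crypto ipsec sa
!   expect an SA whose local/remote ident covers
!   10.20.255.0/255.255.255.252
! show running-config management-access
```

If only one end is updated, the proposed traffic selectors for the /30 will not match on the peer and no SA for that subnet will form, so both sides need the change before testing SNMP or SSH again.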