cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1672
Views
10
Helpful
4
Replies

Multi-subnet routing

daverutz58
Level 1
Level 1

I am running out of IP address on our internal LAN (10.165.11.0/24). I cannot simply change the net mask to /23 since we are already using 10.165.10.0/24 in the DMZ. So, to be able to get the extra IPs needed, I've created a superscope on the Windows 2012 R2 DHCP server (10.165.11.13). The extra scope is 10.165.21.0/24...

 

Scope 1

  • Range: 10.165.11.70 - 10.165.11.239
  • Router: 10.165.11.1
  • DNS: 10.165.11.13

Scope 2

  • Range: 10.165.21.60 - 10.165.21.250
  • Router: 10.165.21.1
  • DNS: 10.165.21.13

All devices are connected to the same VLAN and belong to the same domain. There is no need to have separate VLANs.

 

We are using (for now) a Cisco ASA-5510 as our router/firewall. All network traffic up until now has been going through the e0/1 interface (10.165.11.1 - security 100). I have created an extra interface e0/1.2 (10.165.21.1 - security 100).

 

I have also assigned a 2nd IP to the same LAN connection in the DHCP server (10.165.21.13) and set an extra gateway (10.165.21.1).

 

Clients can get an IP in the .21 range but they can’t ping any of the .11 resources. Nor can they surf the net. They can ping all other .21 address except for 10.165.21.1.

 

Clients in the .11 subnet can’t ping anything in the .21 subnet.

 

We are using Dell N3048 switches and VLAN1 is configured with 10.165.11.2. I have set a secondary address (10.165.21.2) for that VLAN. The port that the ASA is connected to is an Access port. Need it be a Trunk port instead?

 

The ASA syslog is showing the following error when I try to ping a .21 address from a .11 computer:

10.165.21.2   portmap translation creation failed for icmp src inside1:10.165.11.175 dst inside2:10.165.21.2 (type 8, code 0)

 

I’m not a Cisco guru but I’m pretty sure that routing is the issue. I have attached the config for the ASA and Dell switches

Any assistance would be very welcome! Thanks

Dave

1 Accepted Solution

Accepted Solutions