
New to Cisco and have run into an issue.

stcsmi231
Level 1

I recently started helping out at a small business where everything was installed and set up before I arrived. The issue I am having is forwarding all requests for IP 10.141.85.200, which is not on the same network, to 192.168.25.221, which is on the same network. The requester's IP is 192.168.25.70. We have a Cisco 3560 8 port, a 2960g 48 port, and an ASA 5505. Please help!

17 Replies

Yes, basically the switch will automatically route between the two subnets.

If you wanted all traffic from all clients on the 192.168.25.x subnet to 10.141.85.12 to go to 192.168.25.221 then you could try adding this route -

"ip route 10.141.85.12 255.255.255.255 192.168.25.221"

and that might work but it would send all traffic from every client on every subnet with a destination IP of 10.141.85.12 to 192.168.25.221.

An alternative, although not something I usually recommend, is to simply add a route to the 192.168.25.70 client device so it sends traffic direct to 192.169.25.221.

Apart from that your options are limited.

Perhaps if you explained in more detail what it is you are trying to do, i.e. what is 192.168.25.221 and why do you need to redirect the traffic.

Jon

We have 2+ networks that we use here: 1 is the Cisco equipment that I am supposed to manage, the other is provided by the parent company. I manage the "back office" network and they manage the "front office". They have begun enforcing their segregation of the two networks. No back office equipment on the front office network and vice versa. They have a "Netgate" in place and on that device it has 2 VLANs.

Vlan 1 is for the front office, which contains 10.141.85.12. Then vlan2 is allowed to be connected to the back office network. I can see the "Netgate" device with 192.168.25.221 from the back office but cannot see 10.141.85.221, which is the same device. I can however see both addresses from the front office network.

10.141.85.12 is a server on their side that users in my office were using before the change took place, and they still need access to it. The "Netgate" team set up vlan 2 on the "Netgate" just for that reason.

 

When the whole network was built here I don't think it mattered where systems were located at the time, so whoever set up the Cisco devices made a VLAN with the same IP scheme (vlan1) on my 3560, and intervlan routing is enabled. All of my users currently reside on (vlan25) on my 3560, and there is a direct connection to the "Netgate" on (vlan25) as well, which is why I can see 192.168.25.221 from my side of things.

If the 10.141.85.0/24 subnet is meant to be only reachable via the Netgate then why do you have an SVI for it on the 3560 switch?

Are you sharing the switch?

If you are sharing the switch I assume the Netgate is connected on both VLANs to that switch?

If so then the only way to enforce this properly is to use VRFs, but your license on the switch doesn't support those unfortunately, i.e. you would need a license upgrade.

So are you sharing the switch, i.e. are the 10.141.85.x devices connected into your switch?

Jon
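
The effect of the host route quoted above, together with the Vlan1 SVI discussed in this thread, can be checked with a small model of the switch's destination-based lookup. This is an added example, not code from the thread: the /24 masks, the second source address 172.16.5.9 and the host 10.141.85.50 are constructed for illustration.

```python
import ipaddress

# Routing table modelled on the thread: two connected SVIs on the 3560
# (the /24 masks are assumed) plus the static host route quoted above.
CONNECTED = [
    ("10.141.85.0/24", "connected Vlan1"),
    ("192.168.25.0/24", "connected Vlan25"),
]
HOST_ROUTE = ("10.141.85.12/32", "via 192.168.25.221")


def build_table(with_host_route):
    """Return the table as (network, next-hop label) pairs."""
    routes = CONNECTED + ([HOST_ROUTE] if with_host_route else [])
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]


def lookup(table, src, dst):
    """Longest-prefix match on the destination only.

    src is accepted solely to show that it plays no part in the decision.
    """
    dst_ip = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst_ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def compare(dst, sources):
    """For each source, return (src, next hop before, next hop after)."""
    before, after = build_table(False), build_table(True)
    return [(s, lookup(before, s, dst), lookup(after, s, dst)) for s in sources]


if __name__ == "__main__":
    # 192.168.25.70 is the requester from the thread; 172.16.5.9 is constructed.
    sources = ["192.168.25.70", "172.16.5.9"]
    for dst in ("10.141.85.12", "10.141.85.50"):  # .50 is a constructed host
        for src, before, after in compare(dst, sources):
            print(f"{src} -> {dst}: before={before!r} after={after!r}")
```

The lookup never reads the source address, so the /32 applies to every client, and it only moves traffic for 10.141.85.12: any other 10.141.85.x destination still leaves through the Vlan1 SVI.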
