05-04-2011 04:55 AM - edited 03-06-2019 04:53 PM
I have a 3560 configured with a vlan 60; there are 2 ports in the vlan.
The vlan is assigned a public IP and the first port is wired to a router which goes to the internet.
I have a desktop connected to the second port.
There are other vlans as well in the same switch, so the default route goes to another internal router. This also means there is no gateway added specific to vlan 60. I am still able to ping the vlan IP and the public IP of the desktop attached to it from the internet.
But I cannot ssh or http to the desktop IP, only ping works.
Why is it so?
05-05-2011 04:42 AM
I agree with Milan. The layer 4 information has no bearing on how the traffic is routed. My guess is that you probably had correct routing on the ASA (hence pings working), but either you didn't allow it through your inbound ACL (outside interface) or didn't enable inspection for http and ssh traffic. That's what I would think the issue was.
05-05-2011 05:58 AM
No, no. There is no ASA here. The packets were going out through vlan60 to another switch.
The switch where the vlans are has a default gateway to the ASA, but that is not the route I want vlan60 to take.
Now, because there is a default gw to the ASA, I cannot add another GW specific to this vlan.
But ping finds the next gateway and goes through it. I can confirm it by looking at the debug logs.
Apps don't.
05-05-2011 07:54 AM
Hi,
according to the diagram you provided, any packet coming from the Internet has to come through the ASA?
BR,
Milan
05-05-2011 05:30 AM
It's good that you got the required result, but between the way you explained your scenario and the solution you found, one of them is wrong.
And your wrong IP addressing is also helping in routing to some extent, even if you don't enable routing for vlan 60 & vlan (Outside Int of ASA)
Do check that....