ping work, ssh doesnt to an attached device - Page 2

Riju Kalarickal · ‎05-04-2011

I have a 3560 configured with a vlan 60, there are 2 ports in the vlan

the vlan is assgined a public IP and first port is wired to router which goes to internet.

I have a desktop connected to the second port.

There are other vlans as well in the same switch so the default route goes to another internal router. this also means there is no gateway added specific to vlan 60. I still am able to ping the vlan IP and the public IP of the desktop attached to it from internet.

But I cannot ssh or http to the desktop IP, only ping works.

Why is it so?

Antonio Knox · ‎05-05-2011

I agree with Milan. The layer 4 information has no bearing on how the traffic is routed. My guess is that you probably had correct routing on the ASA (hence pings working), but either you didn't allow it through your inbound ACL (outside interface) or didn't enable inspection for http and ssh traffic. That's what I would think the issue was.

Riju Kalarickal · ‎05-05-2011

no no.. there is no ASA here. The packets were going out through vlan60 to another switch.

The switch were the vlans are have a default gateway to ASA, but that is not the route I want the vlan60 to take.

now because there is a default gw to ASA, I cannot add another GW specific to this vlan.

but ping finds the next gateway and go through it. I can confirm it looking at the debug logs.

Apps don't.

milan.kulik · ‎05-05-2011

Hi,

according tio the diagram you provided, any packet coming from the Internet has to come through the ASA?

BR,

Milan

Salman Raza Sadiq · ‎05-05-2011

That's good you got required result, but the way you explained your scenario and the solution you found, one of them is wrong.

And your wrong ip addressing is also helping in routing to some extent even if you dont enable routing for vlan 60 & vlan (Outside Int of ASA)

Do check that....