Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
484
Views
5
Helpful
2
Replies

routing between vlans

Go to solution
mwhite
Level 1
Level 1

‎01-29-2016 03:38 PM - last edited on ‎03-25-2019 04:37 PM by Community Manager

I have test network setup to emulate a real-world change I need to make to our LAN/WAN infrastructure ASAP.

Network consists of:

ASA 5505   VLAN1 IP=192.168.24.254 --connected to world via secondary ISP from my office

2960 switch w/three vlans:

VLAN1 IP=192.168.24.253

VLAN100=192.168.100.254 --clients (just one laptop)

VLAN101=192.168.101.253 -- link to core switch

4500 Core switch VLAN101 =192.168.101.254 Link to test network

I have IP routing enabled and the default gateway is set to the ASA's internal address (192.168.24.254)   I believe this should enable routing between all directly connected networks (VLANs, in this case).   I can ping everything from the console on the 2960 (google.com, the vlan101 interface on the 4500).  However I cannot ping from the laptop (on VLAN100) to the default gateway, or the 4500.  I can ping the VLAN interfaces on the 2960.

Additional info:

If I have the laptop plugged into vlan1(with the proper IP address) I can get to the ASA and the rest of the world.  when I put it back on Vlan100, I can ping the vlan100 interface address AND the vlan101 interface address, but I can't get past the 2960.

routing config on the 2960 looks like this:

ip default-gateway 192.168.24.254

ip route 0.0.0.0 0.0.0.0.0 192.168.24.254

I know I'll need to add static routes to get to other networks on my core switch, but why can't I even get to the ASA?   

thanks in advance for your time!

1 person had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-29-2016 04:47 PM

You won't be able to get to the ASA unless it has a route back to the vlan 100 network (same logic with the 4500).

So on the ASA -

"route inside 192.168.100.0 255.255.255.0 192.168.24.253"

then you should be able to ping the ASA.

Jon

View solution in original post

2 Replies 2

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎01-29-2016 04:47 PM

You won't be able to get to the ASA unless it has a route back to the vlan 100 network (same logic with the 4500).

So on the ASA -

"route inside 192.168.100.0 255.255.255.0 192.168.24.253"

then you should be able to ping the ASA.

Jon

Go to solution
mwhite
Level 1
Level 1
In response to Jon Marshall

‎02-01-2016 10:23 AM

You are correct.  It's been too long since I've worked with these.   Thanks.

0 Helpful
Customers Also Viewed These Support Documents