Routing issue on a Catalyst 3560, WS-C3560G-48PS

Steven Wiig
Level 1

Greetings,

We have a firewall attached to our core switch on two ports, one going from the switch to the firewall to our main Cisco router, and the other has been used as a management port for the firewall.

On the switch I'm trying to route the traffic of a specified network (class B private) to the port used for managing the firewall. This is for return VPN traffic. As of now the traffic is returning asymmetrically through the switch's default gateway. I set an IP routing protocol (ip routing is enabled) that sets the next hop for that network to the IP of the management port, but no dice. Any ideas? Will I have to mess with subnets?

5 Replies

Damien Miller
VIP Alumni

Hello Steven,

It is a little difficult to make out what you are trying to accomplish from your post. Are you able to provide us with a diagram of current and desired traffic flow? It is quite odd to try and route the return VPN traffic to the management interface on a firewall; you should be routing the return traffic to the next hop of the non-management interface on the firewall.

Bear with me here as I am trying to work with the information you have provided.

devils_advocate
Level 7

Hi Steven

We need a little more info, can you provide a quick diagram of the setup?

What firewall are you using? Is the management port labelled 'management' or is it just a standard ethernet port which has an IP address for management?

Steven Wiig
Level 1

My apologies for the vagueness. I'm trying to force the routing of a specific network broadcast domain back to where the traffic originated from, from the same port that it originated from. Right now my VPN traffic is coming in the correct way and leaving out our main default gateway out our fiber connection, despite the IP Routing being enabled and destination network / gateway address being specified.

The management port on the firewall is a standard L3 port with an address specified for the port, and a separate IP address for the management interface. It should allow non-management traffic through.

It's very odd that on the core switch, a 3560, I can ping the interface on the firewall that the VPN traffic is supposed to return through, the static route appears to be set correctly, ip routing is enabled in the running-config, yet it's hitting the default gateway instead of the specified next-hop IP address of the intended firewall interface.

Steven Wiig
Level 1

I think the bottom line here is that in the core switch, configured with "ip routing", traffic is not returning symmetrically, and instead is going out via the default gateway of the switch.
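
The thread never shows the actual switch configuration, so the following is an added example (not posted by anyone in the thread) of how a 3560 would be set up to send the class-B range back through the firewall's second interface, together with the show commands used to check why a static route that "looks right" is still losing to the default route. VLAN numbers, interface names and all addresses (172.16.0.0/16 for the private class-B range, 10.0.20.2 for the firewall's management-side interface, 10.0.10.1 for the default gateway) are assumed placeholders.

```cisco
! Added example, not from the thread. Addresses, VLANs and interfaces are assumed.
ip routing
!
! L3 interface on the same subnet as the firewall interface that should carry
! the return traffic. A static route's next hop must be reachable through a
! connected subnet, otherwise the route is never installed in the routing table.
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
!
! Once "ip routing" is on, "ip default-gateway" is ignored; the default must be
! a static route.
ip route 0.0.0.0 0.0.0.0 10.0.10.1
!
! Longest prefix wins, so this beats the default route, but only for packets whose
! destination really falls inside 172.16.0.0/16.
ip route 172.16.0.0 255.255.0.0 10.0.20.2
!
! Checks (exec mode). 172.16.5.9 stands for the real destination of the return
! traffic; substitute the address seen in the VPN flow.
!
! 1. Is the static route installed? Expect "S 172.16.0.0/16 [1/0] via 10.0.20.2".
!    If it is missing, the next hop is not on a connected subnet.
show ip route static
!
! 2. Which route does the switch pick for the actual destination? If this shows the
!    0.0.0.0/0 entry, the return traffic is not addressed inside the /16 (for example
!    VPN clients are assigned from a different pool) and the static route can never match.
show ip route 172.16.5.9
!
! 3. Does the forwarding (CEF) path agree with the routing table?
show ip cef 172.16.5.9
!
! 4. On a 3560 the SDM template decides how many unicast routes the hardware holds;
!    "sdm prefer routing" (takes effect after a reload) is the template meant for L3 use.
show sdm prefer
```

Two further things to confirm before changing the switch again: the hosts that originate the return traffic must actually use the switch's SVI as their default gateway, otherwise their packets never consult this routing table at all; and a firewall interface that is intended for management may apply its own policy to transit traffic, so the firewall's own logs should be checked after the switch-side route is verified.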
