02-21-2014 10:58 AM - edited 03-07-2019 06:21 PM
I am setting up networking between our home office and our disaster recovery site so that we can replicate between our Avamar grids. I wanted to get the networking in place before we move the equipment to the DR site.
To simulate the server on the DR end I added VLAN 103 to our UCS and assigned it to the physical switch connections on a 3750 switch via a port-channel. I added VLAN 103 to the 3750 database (shows when I run show vlan brief but doesn't show the vlan database stuff in the config). I added an interface for VLAN 103 and the routing to point to the replication interface on our ASA. Here's a diagram:
Server on UCS ------> UCS VLAN 103 ------> 3750 Switch ------> ASA Inside Repl
IP: 10.103.1.100      via port-channel     int vlan 103        VLAN 103
GW: 10.103.1.253                           IP: 10.103.1.253    IP: 10.103.1.254
Because this network isn't on the same subnet as the rest of my internal traffic (and I don't want it to be) I have the following routes on my switch:
ip route 0.0.0.0 0.0.0.0 10.1.5.254
ip route 10.103.1.0 255.255.255.0 10.103.1.254
ip route 10.102.1.0 255.255.255.0 10.103.1.254
ip route 10.200.1.0 255.255.255.0 10.103.1.254
10.102.1.0 resides on our home office network and 10.200.1.0 are the two outside interfaces connecting the firewall at the home office to the DR site.
I was verifying connectivity and can ping from the Server to the 3750 switch (10.10.1.253) but the switch can't ping to 10.10.1.254 on the ASA. All of the interfaces on the switch and the ASA show as up/up.
I've been trying to figure out what I'm missing but think maybe I'm overthinking this. What else could be the problem here?
Thanks.
02-21-2014 11:18 AM
This route -
ip route 10.103.1.0 255.255.255.0 10.103.1.254
is doing nothing because it is directly connected on the switch, i.e. you have an SVI.
From the looks of the route though it looks like you want the default gateway for that subnet to be the ASA so why not just -
1) remove the SVI for vlan 103 from the 3750
2) make sure the port channel connecting to the server is in vlan 103
4) make sure the 3750 to ASA port is in vlan 103
and then you should be able to ping from the server to the ASA.
If you do the above it will mean you cannot route between vlan 103 and any other subnets without going via the firewall, but it sounds like that is what you want?
Jon
02-24-2014 07:06 AM
So apparently all I needed was a weekend away from this to get this working. Once I started looking at it this morning I realized that the port (on the 3750) that the inside interface was plugged into didn't specifically allow VLAN 103. Once I added that I could ping between the switch and the ASA and from the server at the DR site to the outside interface of the ASA at the home office and vice versa. So now I know I'm at least getting as far as each ASA.
Now I just need to continue until I can get to each workstation.
BTW: I did remove the ip route statement. I knew it wasn't doing anything and should have removed it before posting this message. Sometimes you can't see the forest for the trees.
Thanks.
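The two problems found in this thread (a trunk port whose allowed-VLAN list omits the SVI's VLAN, and a static route to a directly connected subnet) can be checked offline against a saved running-config. The script below is an added example, not code from any poster in the thread; the sample config is constructed, and its interface names and allowed-VLAN lists are assumptions.

```python
import ipaddress
import re
# Constructed sample, not the poster's config; interface names are assumptions.
SAMPLE_CONFIG = """\
interface Port-channel1
 switchport trunk allowed vlan 5,103
!
interface GigabitEthernet1/0/24
 switchport trunk allowed vlan 5
!
interface Vlan103
 ip address 10.103.1.253 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 10.1.5.254
ip route 10.103.1.0 255.255.255.0 10.103.1.254
ip route 10.102.1.0 255.255.255.0 10.103.1.254
"""

def expand_vlans(spec):
    """Expand an allowed-VLAN spec such as '1,5,100-103' into a set of ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(config):
    """Return findings for pruned SVI VLANs and redundant static routes."""
    trunks, connected, routes, current = {}, [], [], ""
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = m[1]
        # Ports with no explicit list carry all VLANs, so they are not recorded.
        elif m := re.match(r" switchport trunk allowed vlan ([\d,-]+)", line):
            trunks[current] = expand_vlans(m[1])
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            connected.append((current, ipaddress.ip_interface(f"{m[1]}/{m[2]}").network))
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False), m[3]))
    findings = []
    for name, _ in connected:
        vm = re.fullmatch(r"Vlan(\d+)", name)
        for trunk, allowed in (trunks.items() if vm else []):
            if int(vm[1]) not in allowed:
                findings.append(f"{trunk}: VLAN {vm[1]} not in trunk allowed list")
    for dest, hop in routes:
        if any(dest == net for _, net in connected):
            findings.append(f"ip route {dest} via {hop}: destination is directly connected")
    return findings
```

A trunk that omits a VLAN on purpose will also be listed, so treat each finding as something to review rather than an error; `switchport trunk allowed vlan add` continuation lines are not parsed.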