cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Popup Hotspot Using ISR 1000 with WiFi/LTE for Teleworkers and Micro Branchesr
140
Views
0
Helpful
5
Replies
Highlighted

VLAN not able reach after applied ISR device

Dear Experts,

We have installed Cisco ISR(ISR_1 and ISR_2) and Cisco FW(FW_1 & FW_2) as per photo below.

I already perform PERMITALL to each FW. So no blocking issue in FW.

We perform test FW_1 to FW_2 (using cross cable)without ISR, all the VLAN able to ping each other.

My question why we not able to reach at VLAN 514,515 and 516 to VLAN 114, 115, 116 after implementing ISR devices.

VLAN 514: 10.5.14.0/24 10.5.14.254                         VLAN 114: 10.51.14.0/24 10.51.14.254

VLAN 515: 10.5.15.0/24 10.5.15.254                         VLAN 115: 10.51.15.0/24 10.51.15.254

VLAN 516: 10.5.16.0/24 10.5.16.254                         VLAN 116: 10.51.16.0/24 10.51.16.254

Is it that issue on FW config or ISR config? Really need help on solving this issue.

Thanks.

Regards,

Hanif

5 REPLIES 5
Highlighted
Participant

Hi,

Hi,

To solve your issue you have configure trunk port on each interface:

1) ISR1---ISR2

2)ISR1--FW1

3) ISR2--FW2

As in your scenario,intervlan routing on fws needs trunk ports outside of firewall.

Hope it helps.

Highlighted
Hall of Fame Guru

You do not need to configure

You do not need to configure trunks between all the devices in this scenario.

Providing the firewalls allow the traffic and the routing is setup correctly it should work fine.

Jon

Highlighted

Hi John ,

Hi John ,
Updated on this issue, firewall (10.5.5.250)connected to  L3 Switch with Access port while ISR connected to L3 switch with Trunk port. Attached is the show run for these 3 devices. ISR using 
EtherSwitch Service Module (ES)  Int GI 1/0 to connect with L3 Switch. 
Highlighted
Hall of Fame Guru

I don't see how this post

I don't see how this post relates to the original problem.

Did you see my first post about the missing routes on ISR_1 ?

Jon

Highlighted
Hall of Fame Guru

The routing table on ISR_1

The routing table on ISR_1 does not have routes for the 51x vlans.

Is the interface between FW_1 and ISR_1 up on the the ISR ?

Jon

CreatePlease to create content
Content for Community-Ad