HPE Community
LAN Routing
1752778 Members
6026 Online
108789 Solutions
New Discussion

VLAN not routing between machines over WAN

 
jrogulski
Visitor

‎02-13-2015 10:23 AM

‎02-13-2015 10:23 AM

VLAN not routing between machines over WAN

This one is killing me.  

 

I have a mail server in site 1.   IP address is 10.150.1.2.      VLAN 10.150.1.254

I have a mail server in site 2.   IP address is 10.150.2.1       VLAN 10.150.2.1

 

I have a VPN tunnel built between both sites.   If I try to ping vlan to vlan, the ASA tunnel comes up, no issue there.   I cannot get the two VLANS to ping each other.   There are NO ACL's on the firewall side to restrict.  

 

If you look at routing for site 1, ASA is 192.9.230.179.   Route is built for that headed there.

If you look at routing for site 2, ASA is 172.16.110.15.   Route is built for that headed there.  

 

Site 1&2, cannot ping machine from any other vlan either.    I can ping the vlan.   

 

What am I doing wrong?    Although the second NIC on each machine (10.150.x.x) has no gateways, I have netsh route built for the remote sites.    If I can ping the vlan shouldn't I be able to ping the host?   Are my issues there or on the switch?

 

  

0 Kudos
6 REPLIES 6
Vince-Whirlwind
Honored Contributor

‎02-15-2015 04:03 PM

‎02-15-2015 04:03 PM

Re: VLAN not routing between machines over WAN

I have a mail server in site 2.   IP address is 10.150.2.1       VLAN 10.150.2.1

I assume this is a typo and your Site2 switch and email server aren't actually assigned the exact same addresses.

I'm a bit confused by your Site1 switch config:

ip default-gateway 192.9.230.179

ip route 0.0.0.0 0.0.0.0 192.9.230.180

But that shouldn't matter as you have a more specific route anyway:

ip route 10.150.2.0 255.255.255.0 192.9.230.179

Assuming that IP address is correct for the local ASA, the next check is, does the ASA have a route for the 10.150.2.0/24 network? I think it does, because from Site 1 you can ping 10.150.2.254, right?

 

So all that's left is the host itself.

Can 10.150.1.2 ping its VLAN's router address?

Can the Site2 email server ping its VLAN's router address?

Can each of them ping a different VLAN router address?

0 Kudos
jrogulski
Visitor

‎02-16-2015 05:47 PM

‎02-16-2015 05:47 PM

Re: VLAN not routing between machines over WAN

It is a typo, I'm sorry.     The host is .2

 

 

p default-gateway 192.9.230.179

ip route 0.0.0.0 0.0.0.0 192.9.230.180

But that shouldn't matter as you have a more specific route anyway:

ip route 10.150.2.0 255.255.255.0 192.9.230.179

Assuming that IP address is correct for the local ASA, the next check is, does the ASA have a route for the 10.150.2.0/24 network? I think it does, because from Site 1 you can ping 10.150.2.254, right?

 

 

I'll double check the ASA.     I know that if I try and ping the hosts from each site, the tunnel comes up and I can see the traffic in the logs.   

 

So all that's left is the host itself.

Can 10.150.1.2 ping its VLAN's router address?     Yes, it can. 

Can the Site2 email server ping its VLAN's router address?   Yes.   

Can each of them ping a different VLAN router address?  They can - but it goes out the other nic that has a gateway sepcified.   If I force the traffic out the NIC that I want the traffic on, it wont see any other vlans.  

0 Kudos
Vince-Whirlwind
Honored Contributor

‎02-16-2015 06:17 PM

‎02-16-2015 06:17 PM

Re: VLAN not routing between machines over WAN

It has to have a gateway, or it can't communicate off-subnet.

 

What you need on the server is a second routing table that defines, for example for Site1, 10.150.2.254 as the default gateway address for traffic involving the NIC with 10.150.1.2 on it.

 

If this is a Windows box, you will probably have to rethink the multiple NIC thing.

Probably better to just use one IP address, bond the NICs together and get a bit of redundancy.

 

 

0 Kudos
jrogulski
Visitor

‎02-16-2015 07:08 PM

‎02-16-2015 07:08 PM

Re: VLAN not routing between machines over WAN

I did a route add 10.150.1.0/24 10.150.2.1 metric 1 interface 12 (the interface with no gateway on it.)

 

It's a windows box but running DAG replication for Exchange so MS and the vendor helping me are reccomending that they be on separate vlans. 

0 Kudos
Vince-Whirlwind
Honored Contributor

‎02-16-2015 07:15 PM

‎02-16-2015 07:15 PM

Re: VLAN not routing between machines over WAN

Server NICs have been capable of using 802.1q frame format for years now.

 

You might be better off creating a virtual NIC, using .1q, and assigning it to a bonded pair of physical NICs. That gives you some redundancy and potential bandwidth benefits.

 

I'm not a server guy, so I don't know *how* to do that, but it seems like a likely thing that can be done.

0 Kudos
jrogulski
Visitor

‎02-16-2015 08:28 PM

‎02-16-2015 08:28 PM

Re: VLAN not routing between machines over WAN

I'll give it a shot tomorrow. 

 

 

Thanks

 

Was the switch config ok?  

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.