HPE Community
Switches, Hubs, and Modems
1753760 Members
4843 Online
108799 Solutions
New Discussion юеВ

Routing on HP ProCurve Switch 5308XL

 
SOLVED
Go to solution
Jamenguyen
Occasional Contributor

тАО03-16-2006 08:00 PM

тАО03-16-2006 08:00 PM

Routing on HP ProCurve Switch 5308XL

Someone Help me pls!

I have 3 vlans in a 5308xl switch:

vlan 1: 192.168.100.0/24
vlan 2: 192.168.200.0/24
vlan 3: 192.168.50.0/24

- All Servers are on VLAN 1
- ISA Firewall is on VLAN 3: Internet interface is 192.186.50.10/24.

I have routing enable (rip v1) and is working between the vlans. The hosts in each vlan can comunicate with Serves & the other vlans.

To access the internet, i created a static route: IP Route 0.0.0.0 0.0.0.0 192.168.50.10 on the Switch.

My Problems is that:
1. All hosts can reach the Internal interface of ISA Firewall - 192.168.50.10 when this Interface has gateway: 192.168.50.1

But this cause problem to Firewall, because
can not set more than 1 gateway for FW.

2. If i remove the gateway of the Internal Interface, the Firewall is ok.

But problem is that: all hosts can not reach this Firewall.

So, how can i setup for hosts access Internet?

Thanks in advance for your help

Thanks & Best regards,

James Nguyen
0 Kudos
6 REPLIES 6
Manuel Wolfshant
Trusted Contributor

тАО03-18-2006 10:45 AM

тАО03-18-2006 10:45 AM

Re: Routing on HP ProCurve Switch 5308XL

I am not familiar with ISA Firewall, but standard routing rules say that:
- ISA should have as gateway the IP of the router between ISA and internet
- the switch should have as gateway the internal IP (the one facing the LAN) of ISA
- a router (the HP?) should be able to forward the packets between any pair of VLANs.
I suggest reading http://www.hp.com/rnd/support/config_examples/5300xl_portbase.pdf
0 Kudos
Sergej Gurenko
Trusted Contributor

тАО03-18-2006 06:31 PM

тАО03-18-2006 06:31 PM

Solution

Re: Routing on HP ProCurve Switch 5308XL

You need to add routes to the ISA server. Looks like ISA do not know about VALN1 and VLAN2 subnets.

Under windows you can use this commands:

route add 192.168.100.0 mask 255.255.255.0 [router_ip] -p
route add 192.168.200.0 mask 255.255.255.0 [router_ip] -p

Do not forget that ISA is a firewall, and some troubleshooting methods just not suitable (e.g. ICMP ping can be disabled by default)
Les Ligetfalvy
Esteemed Contributor

тАО03-19-2006 02:06 AM

тАО03-19-2006 02:06 AM

Re: Routing on HP ProCurve Switch 5308XL

ISA can have issues with what is called a network-behind-network if the ISA shares a subnet with clients. The ISA server should be on its own subnet, not shared with any clients. This is sometimes referred to as a stub subnet. All other subnets should forward to this stub as the gateway of last resort.

The ISA server needs a static route to the 5308 since ISA's default gateway must be on its external (internet facing) NIC.

See http://www.isaserver.org/img/upl/Image29161094811945968.gif
Jamenguyen
Occasional Contributor

тАО03-19-2006 12:16 PM

тАО03-19-2006 12:16 PM

Re: Routing on HP ProCurve Switch 5308XL

Thanks Everyone!

Jame Nguyen
0 Kudos
Matt Hobbs
Honored Contributor

тАО03-19-2006 02:49 PM

тАО03-19-2006 02:49 PM

Re: Routing on HP ProCurve Switch 5308XL

James, why don't you assign some points to the kind people that have assisted you with this one.

If you submit a question or new topic and another member replies to it, you will see a dropdown menu of points next to the reply (you must be logged in to see the menu). Select the point value and then click the "submit points" button. Note that you can rate multiple replies and submit them at one time.

o 1-3: The answer didn't really help answer my question, but thanks for your assistance!

o 4- 7: The answer helped with a portion of my question, but I still need some additional help!

o 8-10: The answer has solved my problem completely! Now I'm a happy camper!

0 Kudos
Sergej Gurenko
Trusted Contributor

тАО03-19-2006 04:32 PM

тАО03-19-2006 04:32 PM

Re: Routing on HP ProCurve Switch 5308XL

Matt, points are not popular in our days ;)
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.