Mopad
New Member

Unable to reach the gateway

I have a 5406 with 6 vlans. I'm able to communicate to other hosts on different vlans. My firewall is connected to the switch on port B24. I'm unable to get to the internet when placed in vlans 10-40, but vlan 50 works. Below is my config. I'm able to ping the public side of the firewall when in the console, but not on the host when in Vlans 10-40. I'm currently running endian community as a firewall. Any help will be much appreciated!

Running configuration:

; J8697A Configuration Editor; Created on release #K.12.62

hostname "ProCurve Switch 5406zl"
module 1 type J8702A
module 2 type J8702A
module 3 type J8706A
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   untagged C1-C24
   no untagged A1-A24,B1-B24
   no ip address
   exit
vlan 10
   name "VLAN10"
   untagged A1-A12
   ip helper-address 10.10.40.2
   ip address 10.10.10.1 255.255.255.0
   exit
vlan 20
   name "VLAN20"
   untagged A13-A24
   ip helper-address 10.10.40.2
   ip address 10.10.20.1 255.255.255.0
   exit
vlan 30
   name "VLAN30"
   untagged B1-B11
   ip helper-address 10.10.40.2
   ip address 10.10.30.1 255.255.255.0
   exit
vlan 40
   name "VLAN40"
   untagged B12-B22
   ip helper-address 10.10.40.2
   ip address 10.10.40.1 255.255.255.0
   exit
vlan 50
   name "VLAN50"
   untagged B23-B24
   ip helper-address 10.10.40.2
   ip address 10.10.50.1 255.255.255.0
   exit
ip route 0.0.0.0 0.0.0.0 10.10.50.2
Marco Wessel
Valued Contributor

Re: Unable to reach the gateway

I'm going to hazard a guess that your gateway device doesn't have a route back to 10.10.0.0/16 (or whatever you aggregate as) via 10.10.50.1.
Mopad
New Member

Re: Unable to reach the gateway

I forgot to mention the gateway address is 10.10.50.2 on the private side of the firewall.

I did add a route for every vlan on the gateway?

Source          Destination     Route Via
10.10.50.0/24   10.10.10.0/24   10.10.50.1
10.10.50.0/24   10.10.20.0/24   10.10.50.1
10.10.50.0/24   10.10.30.0/24   10.10.50.1
10.10.50.0/24   10.10.40.0/24   10.10.50.1

Not sure if this is correct. I can ping the green/private interface on the gateway (10.10.50.2) from vlan 10-40. But I cannot ping the public ip on the red interface from vlans 10-40.

If the ip on the red interface is a.b.c.d and the ip on the green interface is 10.10.50.2, what is the route I need to add to the gateway? Sorry for the questions, I'm a newbie!
Pieter 't Hart
Honored Contributor

Re: Unable to reach the gateway

I understand you are trying to ping from different subnets on the inside network to the outside interface of a firewall.

Possibly this has nothing to do with vlans and routing, but rules on the firewall device.
It (by default) may only accept requests from its inside-subnet (10.10.50.x).

regards,
Pieter
Mopad
New Member

Re: Unable to reach the gateway

That works!
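
The two causes suggested in this thread (no return route on the gateway, and a firewall that only accepts its inside subnet) can be checked per VLAN. This is an added example, not code from any poster or from the firewall product; the /24 mask on the green interface and the `ALLOWED_SOURCES` default are assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed from the thread: the routed VLANs of the posted switch config.
SWITCH_CONFIG = """\
vlan 10
   ip address 10.10.10.1 255.255.255.0
   exit
vlan 20
   ip address 10.10.20.1 255.255.255.0
   exit
vlan 30
   ip address 10.10.30.1 255.255.255.0
   exit
vlan 40
   ip address 10.10.40.1 255.255.255.0
   exit
vlan 50
   ip address 10.10.50.1 255.255.255.0
   exit
"""
# Destinations of the return routes posted for the firewall (all via 10.10.50.1).
RETURN_ROUTES = ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24", "10.10.40.0/24"]
GREEN_IF = "10.10.50.2/24"           # firewall green interface; the /24 mask is an assumption
ALLOWED_SOURCES = ["10.10.50.0/24"]  # assumption: default policy trusts only the green subnet


def vlan_subnets(config):
    """Map VLAN id -> IPv4Network for each VLAN that has an IP address."""
    subnets, vlan = {}, None
    for words in (line.split() for line in config.splitlines()):
        if len(words) == 2 and words[0] == "vlan":
            vlan = int(words[1])
        elif len(words) == 4 and words[:2] == ["ip", "address"] and vlan is not None:
            subnets[vlan] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words == ["exit"]:
            vlan = None
    return subnets


def diagnose(config, green_if, return_routes, allowed_sources):
    """Map VLAN id -> (firewall can route replies back, firewall accepts the source)."""
    # The green network is directly connected, so it needs no explicit return route.
    routes = [ipaddress.ip_interface(green_if).network] + [ipaddress.ip_network(r) for r in return_routes]
    allowed = [ipaddress.ip_network(a) for a in allowed_sources]
    return {vlan: (any(net.subnet_of(r) for r in routes), any(net.subnet_of(a) for a in allowed))
            for vlan, net in vlan_subnets(config).items()}


if __name__ == "__main__":
    print(diagnose(SWITCH_CONFIG, GREEN_IF, RETURN_ROUTES, ALLOWED_SOURCES))
```

With the routes as posted, VLANs 10-40 come back routed but not accepted, which matches the symptom of VLAN 50 being the only one that reaches the internet.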