
This discussion has been locked.

XG routing not working on a VLAN interface

Hi all,

I have 2 VLANs in my network on a Cisco switch, VLAN 1 and VLAN 2, each assigned on access ports on the switch.

I am doing the router-on-a-stick model; the link between the switch and the XG is a trunk (trunk port on the Cisco).

On the XG, there is a physical LAN interface for VLAN 1, 192.168.1.254, then a VLAN interface on it in VLAN 4, 192.168.4.254.

Now I can ping both interfaces from VLAN 1.
The XG can ping VLAN 4,
but there is no routing between VLAN 1 and 4.

The rule is allow any any on the XG.

A traceroute from VLAN 1 to VLAN 4 shows the XG routes VLAN 4 traffic to the WAN interface.

Can anyone help?



  • 1) I don't understand how the devices are connected.

    You write that you use VLAN 1 and VLAN 2 on the Cisco. There are access ports configured with these VLANs on the switch.

    You are using VLAN 1 and VLAN 4 on the Sophos.

    You link the XG with a trunk port to the Cisco. Doesn't that mean that you have a port where VLAN 1 and VLAN 2 are tagged on the cable (Cisco side)? In this case the config on the Sophos would be wrong. Even if you put VLAN 1 untagged and VLAN 2 tagged, this would not work because of different VLAN IDs: 2 on Cisco, 4 on Sophos.

    Don't mix management VLANs and productive VLANs. Create two productive VLANs and leave the management VLAN as it is. On the link between the firewall, configure VLAN 1 as untagged and the other two VLANs tagged.

    2) Make a dedicated rule for LAN - LAN traffic above the allow-all rule (very dangerous, by the way: from the moment you attach WAN you might be under attack). Disable or delete allow all.

    Make an Explicit Deny rule at the end.

    Activate logging on all rules.

  • It is VLAN 4 on the switch and on the XG.
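
The tagging question raised in point 1 of the reply can be checked mechanically. The following is an added example, not part of the original thread: it parses a Cisco trunk-port stanza and compares the tagged VLAN IDs with the VLAN sub-interface IDs on the firewall. The interface name, the sample config and the `fw_vlan_ids` input are constructed assumptions.

```python
import re

# Constructed sample: a trunk stanza that tags VLAN 2 while the firewall uses VLAN 4.
SWITCH_TRUNK = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 1
 switchport trunk allowed vlan 1,2
"""

def expand_vlans(spec):
    """Expand a Cisco VLAN list such as '1,4,10-12' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(config):
    """Return (native_vlan, tagged_vlans); tagged is None if no allowed list is set."""
    native, allowed = 1, None          # IOS defaults: native VLAN 1, all VLANs allowed
    for line in config.splitlines():
        m = re.match(r"\s*switchport trunk native vlan (\d+)", line)
        if m:
            native = int(m.group(1))
        # Plain lists only; the "add"/"remove" forms are not handled here.
        m = re.match(r"\s*switchport trunk allowed vlan ([\d,\-\s]+)$", line)
        if m:
            allowed = expand_vlans(m.group(1))
    return native, (None if allowed is None else allowed - {native})

def check_trunk(config, fw_vlan_ids):
    """List mismatches between switch tags and firewall VLAN sub-interface IDs.

    fw_vlan_ids is a hypothetical input: the IDs of the firewall's tagged
    sub-interfaces. Its physical port receives the untagged native VLAN.
    """
    native, tagged = parse_trunk(config)
    fw = set(fw_vlan_ids)
    problems = []
    if native in fw:
        problems.append(f"VLAN {native} is native (untagged) on the switch but tagged on the firewall")
    if tagged is not None:
        for vid in sorted(fw - tagged - {native}):
            problems.append(f"firewall VLAN {vid} is not tagged on the switch trunk")
        for vid in sorted(tagged - fw):
            problems.append(f"switch tags VLAN {vid} but the firewall has no sub-interface for it")
    return problems
```

`check_trunk(SWITCH_TRUNK, [4])` reports both sides of the 2-versus-4 mismatch; with the allowed list changed to `1,4` it returns an empty list.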
