This discussion has been locked.

No internet access to some VLANs

Hi,

 

I have configured the setup shown in the following drawing with a Cisco 3650 core switch and two Cisco 2960 switches. After configuring ip route 0.0.0.0 0.0.0.0 192.168.30.254 on the core switch, vlan 30 is able to access the internet while the other vlans can't. Could someone please say what seems to be the issue preventing vlan 10 and 20 from accessing the internet?

DHCP server and inter-vlan routing are working. I've installed Sophos UTM v9 on an ESXi host.



  • Mostly there is a missing masquerading rule.

    The masq-rule for the directly connected VLAN30 is created by the wizard (if used).


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003

  • Hi  

    Do you see traffic coming into the UTM for VLAN 10 and 20 network? Also, you must have configured either an SNAT or Masquerading rule to allow them out on the Internet.

    Regards

    Jaydeep

  • Hello Melanka and welcome to the UTM Community!

    As was already mentioned, the Masquerading rule for .30.0/24 was created automatically.  Assuming that you defined the Internal interface of the UTM as "VLAN30," you will see a masq rule like 'VLAN30 (Network) -> External' in 'Network Protection >> NAT'.

    You could have trunked all three VLANs into the UTM, but let's just work with the topology you chose.  If I've understood correctly, the Core switch is configured to send all outbound traffic to the IP of "VLAN30 (Address)" on the UTM.  Assuming you have created Network definitions for the .10.0/24 and .20.0/24 subnets named "VLAN10" and "VLAN20," you need to do two things:

    1. Create masq rules like 'VLAN10 -> External' and 'VLAN20 -> External'.
    2. Create Static Gateway Routes for both subnets like 'VLAN10 -> {Core switch}' and 'VLAN20 -> {Core switch}'.

    Communication established?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
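
The two conditions from the reply above (a masquerading rule per subnet, plus a return route on the firewall for every subnet it is not directly attached to), written as a small configuration audit. This is an added example, not part of the original thread and not Sophos tooling; the 192.168.x.0/24 prefixes and the core switch address 192.168.30.1 are assumptions, since the thread only gives the last octets and the UTM address 192.168.30.254.

```python
import ipaddress as ip

def audit_egress(subnets, connected, masq_sources, static_routes):
    """Return {name: [problems]} for each internal subnet.

    connected     -- networks directly attached to the firewall
    masq_sources  -- source networks covered by a masquerading rule
    static_routes -- {destination network: gateway} for internal routes
                     on the firewall (its default route is not modelled)
    """
    connected = [ip.ip_network(n) for n in connected]
    masq = [ip.ip_network(n) for n in masq_sources]
    routes = {ip.ip_network(d): ip.ip_address(g)
              for d, g in static_routes.items()}
    report = {}
    for name, cidr in subnets.items():
        net = ip.ip_network(cidr)
        problems = []
        # Outbound: the source address must be translated at the external side.
        if not any(net.subnet_of(m) for m in masq):
            problems.append("no masquerading rule")
        # Inbound: replies must be routed back towards the core switch,
        # otherwise the firewall follows its default route for them.
        if not any(net.subnet_of(c) for c in connected):
            gateways = [g for d, g in routes.items() if net.subnet_of(d)]
            if not gateways:
                problems.append("no return route")
            elif not any(g in c for g in gateways for c in connected):
                problems.append("gateway not on a connected network")
        report[name] = problems
    return report

# Constructed sample data (assumed addressing, see lead-in).
SUBNETS = {"VLAN10": "192.168.10.0/24",
           "VLAN20": "192.168.20.0/24",
           "VLAN30": "192.168.30.0/24"}
CONNECTED = ["192.168.30.0/24"]      # UTM internal interface sits in VLAN30
CORE_SWITCH = "192.168.30.1"         # hypothetical core switch SVI address

# State described in the question: only the wizard-created rule exists.
BEFORE = audit_egress(SUBNETS, CONNECTED, ["192.168.30.0/24"], {})
# State after both steps from the reply are applied.
AFTER = audit_egress(SUBNETS, CONNECTED, list(SUBNETS.values()),
                     {"192.168.10.0/24": CORE_SWITCH,
                      "192.168.20.0/24": CORE_SWITCH})

if __name__ == "__main__":
    for label, result in (("before", BEFORE), ("after", AFTER)):
        print(label, result)
```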