No internet access to some VLANs

Hi,

 

I have configured the setup mentioned in the following drawing with a Cisco 3650 core switch and two Cisco 2960 switches. After configuring ip route 0.0.0.0 0.0.0.0 192.168.30.254 on the core switch, VLAN 30 is able to access the internet while the other VLANs couldn't. Could someone please say what seems to be the issue preventing VLAN 10 and 20 from accessing the internet?

The DHCP server and inter-VLAN routing are working. I've installed Sophos UTM v9 on an ESXi host.



  • Hello Melanka and welcome to the UTM Community!

    As was already mentioned, the Masquerading rule for .30.0/24 was created automatically.  Assuming that you defined the Internal interface of the UTM as "VLAN30," you will see a masq rule like 'VLAN30 (Network) -> External' in 'Network Protection >> NAT'.

    You could have trunked all three VLANs into the UTM, but let's just work with the topology you chose.  If I've understood correctly, the Core switch is configured to send all outbound traffic to the IP of "VLAN30 (Address)" on the UTM.  Assuming you have created Network definitions for the .10.0/24 and .20.0/24 subnets named "VLAN10" and "VLAN20," you need to do two things:

    1. Create masq rules like 'VLAN10 -> External' and 'VLAN20 -> External'.
    2. Create Static Gateway Routes for both subnets like 'VLAN10 -> {Core switch}' and 'VLAN20 -> {Core switch}'.

    Communication established?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
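
The two steps in the reply above, modelled as an added example (not part of the original post and not Sophos code): a small Python check that reports, per VLAN, whether the UTM has a masquerading rule for the subnet and a way to send replies back to it. The 192.168.x.0/24 prefixes and the core switch address 192.168.30.1 are assumptions; the thread gives only the last octets of the subnets and the UTM address 192.168.30.254.

```python
import ipaddress

# Constructed addressing: the thread gives only ".10.0/24", ".20.0/24",
# ".30.0/24" and the UTM address 192.168.30.254.
VLANS = {
    "VLAN10": ipaddress.ip_network("192.168.10.0/24"),
    "VLAN20": ipaddress.ip_network("192.168.20.0/24"),
    "VLAN30": ipaddress.ip_network("192.168.30.0/24"),
}
CORE_SWITCH = ipaddress.ip_address("192.168.30.1")  # hypothetical VLAN30 address


def check_vlan(name, masq_sources, connected, static_routes):
    """Return the problems that stop `name` from reaching the internet.

    masq_sources  : networks with a '<net> -> External' masquerading rule
    connected     : networks directly attached to a UTM interface
    static_routes : {network: gateway} static gateway routes on the UTM
    """
    net = VLANS[name]
    problems = []
    # Outbound: without a masq rule the private source address is not translated.
    if not any(net.subnet_of(m) for m in masq_sources):
        problems.append("no masquerading rule")
    # Return path: a directly attached subnet needs no static route.
    if any(net.subnet_of(c) for c in connected):
        return problems
    gw = next((g for n, g in static_routes.items() if net.subnet_of(n)), None)
    if gw is None:
        problems.append("no return route")
    elif not any(gw in c for c in connected):
        problems.append("gateway not on a connected network")
    return problems


def audit(masq_sources, connected, static_routes):
    """Run check_vlan for every VLAN and return {vlan: [problems]}."""
    return {v: check_vlan(v, masq_sources, connected, static_routes) for v in VLANS}


# State described in the question: only VLAN30 is attached and masqueraded.
before = audit([VLANS["VLAN30"]], [VLANS["VLAN30"]], {})
# State after the two steps in the reply.
after = audit(list(VLANS.values()), [VLANS["VLAN30"]],
              {VLANS["VLAN10"]: CORE_SWITCH, VLANS["VLAN20"]: CORE_SWITCH})

if __name__ == "__main__":
    for label, result in (("before", before), ("after", after)):
        for vlan, problems in result.items():
            print(label, vlan, "OK" if not problems else "; ".join(problems))
```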