VLAN routing and firewall

[carlwerner]

Ive setup a VLAN routing system using a cisco 3750 and several cisco 2950s. All the pcs can ping each other over the respective vlans. The connection to the internet is connected via a firewall to a routed port on the 3750. pcs on the network can ping the routed port but not the firewall which is connected to this port. Also the pcs cannot access the internet. Any ideas on this would be appreciated. The firewall is a linux suse 10 machine using NAT. The internal default gateway ip cannot be changed as it shows to the external interface to enable routing of internal traffic to external

Thanks

 

[vipergg]

Did you try putting a static default route which points to the internet address on the pix ???

 

[carlwerner]

Yes I did. The problem is that the hosts can not even ping the firewall server.

 

[ADB100]

Did you put a route on the Firewall back to your internal IP networks? What rules are on the firewall? Does it allow ICMP?

 

[Lequang]

Following is my suggestion:

1. Allow ICMP in your FW for at least on host
2. The internal routing should have default route to your FW
3. Your FW should have default route to the Internet router.
4. Then the internet router should route all packets to the external interface (leased line, etc ...)

If you do a trace route to your external DNS (of your ISP) you will see where the path of your packets.

Good luck