Hi all,
Attached you can find the scenario for which I need your help.
On a Catalyst 4500 I have two VLANs for my two office network services. For each VLAN I created a VRF Lite routing instance. Then I have two other VLANs to interface with the firewall.
My issue is that I can't ping the Access Box 172.28.2.1 from PC 172.27.1.109.
All the traffic has to pass through the firewall, but it seems that it does not, since if I perform a tracert from the PC 172.27.1.109 it stops at 172.27.1.1, which is its gateway, and not at the firewall interface 172.105.1.4 as I would like.
The following is the configuration of the 4510 Core Switch:
ip vrf BN_A
 description "vrf backbone A"
!
interface GigabitEthernet2/7
 description --- Link to ASA_BN_A ---
 switchport trunk allowed vlan 104
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet2/46
 description --- Link to ASA COM ---
 switchport trunk allowed vlan 105
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet3/9
 description -- Link to Switch 172.27.65.1 ---
 switchport trunk allowed vlan 10
 switchport mode trunk
!
interface Vlan10
 description --- NET_A ---
 ip vrf forwarding BN_A
 ip address 172.27.65.254
!
interface Vlan100
 description --- VLAN Management ---
 ip vrf forwarding omega
 ip address 172.27.1.1 255.255.255.0
!
interface Vlan105
 description --- VLAN Management to FW ---
 ip vrf forwarding omega
 ip address 172.105.1.2 255.255.255.0
!
ip route vrf BN_A 0.0.0.0 0.0.0.0 172.104.1.4
ip route vrf BN_A 172.28.2.0 255.255.255.0 172.27.65.2
ip route vrf omega 172.18.0.0 255.255.255.0 172.105.1.4
ip route vrf omega 172.20.0.0 255.255.255.0 172.105.1.4
ip route vrf omega 172.26.0.0 255.255.255.0 172.105.1.4
ip route vrf omega 172.27.65.0 255.255.255.0 172.105.1.4
ip route vrf omega 172.28.2.0 255.255.255.0 172.105.1.4
I hope you will help me.
Tell me if you need something else to study the case.
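
Added example, not part of the original post: a Python check that loads the SVI and static-route lines posted above and resolves, per VRF, where a destination is forwarded according to the configuration as written, so the intended "everything via the firewall" path can be verified offline. The function names are hypothetical and the embedded config is an excerpt of the posted lines.

```python
import ipaddress

# Excerpt of the configuration from the post (SVIs and static routes only).
CONFIG = """\
interface Vlan10
 ip vrf forwarding BN_A
 ip address 172.27.65.254
interface Vlan100
 ip vrf forwarding omega
 ip address 172.27.1.1 255.255.255.0
interface Vlan105
 ip vrf forwarding omega
 ip address 172.105.1.2 255.255.255.0
ip route vrf BN_A 0.0.0.0 0.0.0.0 172.104.1.4
ip route vrf BN_A 172.28.2.0 255.255.255.0 172.27.65.2
ip route vrf omega 172.28.2.0 255.255.255.0 172.105.1.4
"""

def parse(text):
    # Returns ({vrf: [(connected_net, ifname)]}, {vrf: [(net, next_hop)]}, [problems])
    connected, static, problems = {}, {}, []
    ifname = vrf = None
    for line in text.splitlines():
        w = line.split()
        if w[:1] == ["interface"]:
            ifname, vrf = w[1], None
        elif w[:3] == ["ip", "vrf", "forwarding"]:
            vrf = w[3]
        elif w[:2] == ["ip", "address"] and len(w) < 4:
            problems.append(f"{ifname}: ip address without mask")
        elif w[:2] == ["ip", "address"]:
            net = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
            connected.setdefault(vrf, []).append((net, ifname))
        elif w[:3] == ["ip", "route", "vrf"]:
            net = ipaddress.ip_network(f"{w[4]}/{w[5]}")
            static.setdefault(w[3], []).append((net, ipaddress.ip_address(w[6])))
    return connected, static, problems

def lookup(connected, static, vrf, dst):
    # Longest-prefix match inside one VRF -> (kind, interface or next hop) or None
    dst = ipaddress.ip_address(dst)
    cands = [(n, "connected", i) for n, i in connected.get(vrf, []) if dst in n]
    cands += [(n, "static", h) for n, h in static.get(vrf, []) if dst in n]
    return max(cands, key=lambda c: c[0].prefixlen)[1:] if cands else None

def unresolved_next_hops(connected, static):
    # Static routes whose next hop lies on no connected subnet of the same VRF
    return [(v, str(n), str(h)) for v, rs in static.items() for n, h in rs
            if not any(h in c for c, _ in connected.get(v, []))]
```

Run against the posted lines, the lookup for 172.28.2.1 in VRF omega resolves to the static route via 172.105.1.4, while the checks flag Vlan10's address line without a mask and the BN_A next hops that sit on no connected subnet in the excerpt.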