Wednesday, June 24, 2020

NATing or static route issue

Hi all, long-time lurker but starting to get stressed and not really sure where to turn for... well, any semblance of help on this, on any steps I might be missing...

This is all to add another internet line to a specific department, which includes a new firewall to go with the current one, due to the switching throughput of our current firewall.

I'm currently at a point where my static routes work THROUGH the transit VLAN I made, that is, I can ping the VLAN interfaces for the 190 net and the firewall transit networks, but my ASA is not sending it as NAT.

I can ping Google from the outside interface, but can't from inside.

This is using a transit LAN... So, for example, 192.168.190.0/24 routes to 172.16.17.1/29 (this is on a 2960x enabled to do static routing).

The key thing is I copied EXACTLY my NATing setting from the one not working to a test interface port on the firewall and made it a flat network... and it worked.

Is there a missing step because the 190 net doesn't actually have a physical point on the firewall? Like, I set a static route to use the 172 net, but does the firewall need something?

For testing purposes, all internal interfaces are currently allow-all.

The end goal is to have a default route to the firewall, but then have some static routes to our core switch (Cisco 4500) for the DHCP server, printer access, management VLAN, etc.

I'm almost tempted to just make the 2960x back to L2, and drag another cable from a few interfaces to our 4500 for printer, management and other VLANs, but I feel like that would be giving up...

I have configs if you like, I just... need to rant out and bounce something off somebody...


