VLAN L3 switch routing

I have a Firebox connected to an L3 HP switch. My network has many VLANs, all tagged to the Firebox; using Dynamic NAT, my external network (not the internet) routes to and has connectivity with all VLANs, but now I want to route from a VLAN on my L3 switch to another VLAN on my Firebox.

I'm trying to build an SNAT from an IP address that all my VLANs (10.28.0.0/16) can access into a closed-network VLAN / host, 192.168.101.1.

I've got the SNAT working great from 10.28.104.100, but I want this IP to be accessible from all of 10.28.0.0/16.

VLAN 104
VLAN 104 tagged to Firebox, Firebox IP (VLAN) 10.28.104.253/24, secondary IP 10.28.104.100

VLAN IP in switch 10.28.104.254/24
** From inside VLAN 104 I can ping 10.28.104.100

VLAN 100 (example of many)
VLAN 100 tagged to Firebox, Firebox IP (VLAN) 10.28.100.253/24
VLAN IP in switch 10.28.100.254/24

** From inside VLAN 100, I can't ping 10.28.104.100

Firewall Ping = Any to Any for testing

In the L3 switch, 10.28.100.0 should route to 10.28.104.0, but the traffic never finds the 10.28.104.100 address within the VLAN.

I'm doing something fundamentally wrong.

Comments

I would expect you to have packets from 10.28.100.x go to the firewall to route to anything.

"In the L3 Switch 10.28.100.0 should route to 10.28.104.0"
If the L3 switch is doing routing between VLANs, then you won't see the traffic hit the firewall; thus the firewall ping policy won't log anything for this test.
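One way to reason about the two ping tests above is to compute, hop by hop, what each device's routing table does with the packet and with its reply. The following Python model is an added example, not code or output from the thread or from the Firebox or the HP switch; it uses only the addresses given in the post. Everything else is assumed and marked as such: that each device holds a connected route for every VLAN interface it owns, that hosts use the switch .254 address as their default gateway, that the switch's default route points at the Firebox, and the two test host addresses (10.28.100.10 and 10.28.104.50) are constructed. The example generalizes to any source VLAN: it reports the forward path, the return path, and whether the two are the same.

```python
import ipaddress

# Constructed routing model of the topology in the post.
# routes: (prefix, interface, gateway); gateway None means directly connected.
DEVICES = {
    # constructed test host in VLAN 100, default gateway = switch VLAN 100 IP (assumption)
    "host100": {
        "addresses": {"10.28.100.10"},
        "routes": [("10.28.100.0/24", "eth0", None),
                   ("0.0.0.0/0", "eth0", "10.28.100.254")],
    },
    # constructed test host in VLAN 104, default gateway = switch VLAN 104 IP (assumption)
    "host104": {
        "addresses": {"10.28.104.50"},
        "routes": [("10.28.104.0/24", "eth0", None),
                   ("0.0.0.0/0", "eth0", "10.28.104.254")],
    },
    # L3 switch: VLAN IPs from the post; default route via the Firebox is an assumption
    "switch": {
        "addresses": {"10.28.100.254", "10.28.104.254"},
        "routes": [("10.28.100.0/24", "vlan100", None),
                   ("10.28.104.0/24", "vlan104", None),
                   ("0.0.0.0/0", "vlan104", "10.28.104.253")],
    },
    # Firebox: VLAN IPs plus the secondary IP from the post; connected routes assumed
    "firebox": {
        "addresses": {"10.28.100.253", "10.28.104.253", "10.28.104.100"},
        "routes": [("10.28.100.0/24", "vlan100", None),
                   ("10.28.104.0/24", "vlan104", None)],
    },
}

# Reverse index: which device owns which IP address (stands in for ARP resolution).
OWNER_OF = {ip: name for name, dev in DEVICES.items() for ip in dev["addresses"]}


def lookup(routes, dst):
    """Longest-prefix match over a route list; returns (interface, gateway)."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, gw in routes:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]


def trace(start, dst, max_hops=8):
    """Follow forwarding decisions from `start` until the owner of `dst` is reached."""
    path = [start]
    cur = start
    for _ in range(max_hops):  # hop limit guards against routing loops in the model
        if dst in DEVICES[cur]["addresses"]:
            return path
        _iface, gw = lookup(DEVICES[cur]["routes"], dst)
        next_ip = gw if gw is not None else dst  # connected route: deliver on-link
        nxt = OWNER_OF.get(next_ip)
        if nxt is None:
            raise LookupError(f"{cur}: nobody answers for {next_ip}")
        path.append(nxt)
        cur = nxt
    raise RuntimeError("hop limit exceeded")


def path_check(src_dev, dst):
    """Forward path, return path, and whether the flow is routed symmetrically."""
    src_ip = next(iter(DEVICES[src_dev]["addresses"]))
    forward = trace(src_dev, dst)
    reverse = trace(OWNER_OF[dst], src_ip)
    return {
        "forward": forward,
        "reverse": reverse,
        "symmetric": forward == list(reversed(reverse)),
    }


if __name__ == "__main__":
    for src in ("host104", "host100"):
        result = path_check(src, "10.28.104.100")
        print(f"{src} -> 10.28.104.100: forward={result['forward']} "
              f"reverse={result['reverse']} symmetric={result['symmetric']}")
```

Run stand-alone, the model reproduces the two observations in the post: from VLAN 104 the secondary IP is on-link, so both directions are host to Firebox and back. From VLAN 100 the forward packet goes host, switch, Firebox (the switch has a connected route for 10.28.104.0/24 and hands it straight to the Firebox on VLAN 104), while the reply leaves the Firebox directly on its own VLAN 100 interface and never returns through the switch. That difference between the two directions is the first thing to confirm against the Firebox's own traffic logs and interface counters before changing any NAT policy.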