Help!, because Cisco says they can't. Firewall & Vlan problem.

Thu, 01 Mar 2001 19:14:02 -0800 

You guys have always been on target for me. I am hoping you give some
insight to this. (the following addresses have been slightly altered for
obvious reasons but they are true to the real ones).

Overview.

I am upgrading a network which has a 155.102.0.0 255.255.0.0 network. It is
flat. I have implemented a new IP Scheme  to be used in several VLAN's and
am trying to migrate to it. IP range is 10.25.192.0 - 10.25.223.254 broken
up into several /24's. There are 600 devices. Now to the nitty gritty.

Network Description

The 6506 has seven VLAN's configured as follows:
VLAN 1 - 10.25.223.2 /24 Primary & 155.102.127.26 /16 secondary.
VLAN 2 - 10.25.215.254 /24
VLAN 3 - 10.25.216.254 /24
to -
VLAN 7 - 10.25.220.254 /24

There are 2 2600's which are routing to an ASP. Their addresses are  router
A - 10.25.223.3 & B - .4 with .5 as HSRP.
There is a Pix 515 using address 155.102.18.191 Nating to the internet.
The 2600's have an extended access list on them which directs Port 80
traffic from the 159.102.x.x network between the ASP WAN and the internet.
They are also doing NAT from the ASP to the 155.102.x.x network. 1 class C
NAT pool for each router. A- 10.25.213.0 /24, B - 10.25.214.0 /24.

Problem

I cannot ping the firewall interface from the MFSC or the 6506 or from any
workstation that is using ANY of the VLAN default gateways. I have full
connectivity to the asp wan. I have full connectivity to the other VLAN's.
When devices use the 2600's HSRP address as default gateway, they have
access to the firewall, the asp and the VLAN's. I have no access to the
2600's as they do not belong to us.

I spoke with the Cisco TAC a few times. They gave up and wouldn't escalate
it because they could not find our service contract that we purchased. They
were anxious to close the case.

The trick to this migration is to maintain connectivity to all devices as
they are being migrated to the new IP scheme.

I will be very grateful to any serious replies to this situation.

Thanks for your expertise!
Rob


_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to