I have a guest access vlan setup that I want to push out all internet traffic to the DSL line on eth 0/2. I am doing this by using the route-map statements but it is not working.
Secondary DSL gateway is 192.168.10.1
I am not able to ping from:
192.168.0.1 (vlan3) to 192.168.10.1 (DSL)
I am able to ping:
from 192.168.10.10 (eth 0/2) to 192.168.10.1 (DSL)
from 192.168.0.1 (vlan 3) to 192.168.10.10)
And here's the crazy one, I can ping from 10.10.10.1 (vlan 1) to 192.168.0.1 (DSL)
Any help would be greatly appreciated.
Josh
- Thanks for posting on the forum!
First, I want to let you know that the ping from 192.168.0.1 (VLAN3) and 192.168.10.1 (DSL) will not work because source pings will not work through NATs.
On another note you mentioned, that you were able to ping from 10.10.10.1 (VLAN 1) to 192.168.0.1. However, you referred to the 192.168.0.1 as the DSL gateway. I was under the impression this was VLAN 3. Could you clarify whether you were pinging VLAN 3 or the DSL gateway from VLAN 1?
Everything on your configuration looked correct to me. To troubleshoot this further, I would recommend the following steps using a PC plugged into VLAN 3:
1. From the PC start a running ping to 4.2.2.2 . This is a DNS server out on the internet and is often pinged to confirm internet connectivity. The command to start a running ping from Windows is "ping 4.2.2.2 /t".
2. While the running ping is going, issue the show ip policy-session "Private 3 - Guest" command from the CLI of the AOS device. You will want to find the session that corresponds to the running ping you have going and verify that it is a.) being NATted correctly and b.) being directed out the correct route. If traffic is being NATted and routed correctly, the session should look something like this:
Src Vrf (if not default), Src policy class:
Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class
Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port
--------------- -------- --------------- -------- ----------------- --------
Policy class "Private 3 - Guest":
icmp (60) -> "Public 3 - Guest"
192.168.10.x 1 4.2.2.2 1 s 192.168.10.10 1
If the session does not look like the above, then please post what you are seeing for us to review.
If the session does look like the above, then you will want to attempt to plug the PC directly into the DSL modem (taking the NetVanta device out of the picture) and see if you are able to get out to the internet that way. Be sure to note the IP settings your PC retrieves when plugged into the DSL modem.
Please do not hesitate to let us know if you have any questions and what your results are from the troubleshooting steps above.
Thanks,
Noor
- Thanks for posting on the forum!
First, I want to let you know that the ping from 192.168.0.1 (VLAN3) and 192.168.10.1 (DSL) will not work because source pings will not work through NATs.
On another note you mentioned, that you were able to ping from 10.10.10.1 (VLAN 1) to 192.168.0.1. However, you referred to the 192.168.0.1 as the DSL gateway. I was under the impression this was VLAN 3. Could you clarify whether you were pinging VLAN 3 or the DSL gateway from VLAN 1?
Everything on your configuration looked correct to me. To troubleshoot this further, I would recommend the following steps using a PC plugged into VLAN 3:
1. From the PC start a running ping to 4.2.2.2 . This is a DNS server out on the internet and is often pinged to confirm internet connectivity. The command to start a running ping from Windows is "ping 4.2.2.2 /t".
2. While the running ping is going, issue the show ip policy-session "Private 3 - Guest" command from the CLI of the AOS device. You will want to find the session that corresponds to the running ping you have going and verify that it is a.) being NATted correctly and b.) being directed out the correct route. If traffic is being NATted and routed correctly, the session should look something like this:
Src Vrf (if not default), Src policy class:
Protocol (TTL) [in crypto map] -> [out crypto map] Dest VRF, Dest policy-class
Src IP Address Src Port Dest IP Address Dst Port NAT IP Address NAT Port
--------------- -------- --------------- -------- ----------------- --------
Policy class "Private 3 - Guest":
icmp (60) -> "Public 3 - Guest"
192.168.10.x 1 4.2.2.2 1 s 192.168.10.10 1
If the session does not look like the above, then please post what you are seeing for us to review.
If the session does look like the above, then you will want to attempt to plug the PC directly into the DSL modem (taking the NetVanta device out of the picture) and see if you are able to get out to the internet that way. Be sure to note the IP settings your PC retrieves when plugged into the DSL modem.
Please do not hesitate to let us know if you have any questions and what your results are from the troubleshooting steps above.
Thanks,
Noor
noor,
Thanks for the reply. I've been working with Adtran support and it appears there was a programming issue, but the main problem we think is the DSL modem is not functioning properly. If something changes, I'll let you know.
Josh