Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 5 subscribers
  • Views 2747 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

No internet access to some VLANs

Melanka Dilsara

Hi,

 

I have configured the setup mentioned in following drawing with Cisco 3650 core switch and two Cisco 2960 switches. After configuring ip route 0.0.0.0 0.0.0.0 192.168.30.254 on core switch, vlan 30 is able to access internet while other vlans couldn't. Could someone please say what seems to be the issue preventing vlan 10 and 20 from accessing internet?

DHCP server and inter-vlan routing is working. I've installed Sophos UTM v9 on a ESXi host



This thread was automatically locked due to age.
  • 0

    Mostly there is a missing masquerading rule.

    The masq-rule for direct connected VLAN30 is created by wizzard (if used).

  • 0

    Hi  

    Do you see traffic coming into the UTM for VLAN 10 and 20 network? Also, you must have configured either an SNAT or Masquerading rule to allow them out on the Internet.

  • 0

    Hello Melanka and welcome to the UTM Community!

    As was already mentioned, the Masquerading rule for .30.0/24 was created automatically.  Assuming that you defined the Internal interface of the UTM as "VLAN30," you will see a masq rule like 'VLAN30 (Network) -> External' in 'Network Protection >> NAT'.

    You could have trunked all three VLANs into the UTM, but let's just work with the topology you chose.  If I've understood correctly, the Core switch is configured to send all outbound traffic to the IP of "VLAN30 (Address)" on the UTM.  Assuming you nave created Network definitions for the .10.0/24 and .20.0/24 subnets named "VLAN10" and "VLAN20," you need to do two things:

    1. Create masq rules like 'VLAN10 -> External' and 'VLAN20 -> External'.
    2. Create Static Gateway Routes for both subnets like 'VLAN10 -> {Core switch}' and 'VLAN20 -> {Core switch}'.

    Communication established?

    Cheers - Bob