Equipment:
Old Internet Gateway Cisco 1941K IP 192.168.111.248, no VLAN. All L3 Switch has it as gateway of last resort 0.0.0.0.
New Internet Gateway SG330 (Intenal VLAN1 10.0.0.248, VLAN10 10.0.10.248, VLAN20 10.0.20.248. VLAN21 10.0.21.248, etc...)
Office L3 Switch (Default VLAN1 10.0.0.1, VLAN10 10.0.10.1, VLAN20 10.0.20.1. VLAN21 10.0.21.1, etc...)
Mill1 L3 Switch (Default VLAN1 10.0.0.2, VLAN10 10.0.10.2, VLAN20 10.0.20.2. VLAN21 10.0.21.2, etc...)
Mill2 L3 Switch (Default VLAN1 10.0.0.3, VLAN10 10.0.10.3, VLAN20 10.0.20.3. VLAN21 10.0.21.3, etc...)
RDP Server Original 10.0.0.55/24 gw 10.0.0.1
RDP Server Clone 10.0.0.49/24 gw 10.0.0.248
HTTP 8088 Server Original 10.0.0.70/24 gw 10.0.0.1
HTTP 8088 Server Clone 10.0.0.71/24 gw 10.0.0.1
Test PC on VLAN 20, 10.0.20.101/24 gw 10.0.20.2 in Mill Plant1
Buildings:
All buildings are connected from their L3 switches with 10G fibre between buildings... Daisy chained. Office->Mill Plant1->Mill Plant2->Boiler Plant->Mill Plant3->... 10 buildings in all
Head Office : Internet GW, Servers on VLAN1 (10.0.0.x) with Office L3 switch as Gateway (10.0.0.1), Office computers, printers on VLAN 10 (10.0.10.x) with Office L3 switch as Gateway (10.0.10.1)
Mill Plant1 : Plant manager/foreman and printers on VLAN20 (10.0.20.x) with Mill1 L3 as Gateway (10.0.20.2), Mill Equipment and PLCs on VLAN 21,22 (10.0.21,22.x) with Office L3 as Gateway (10.0.21,22.2)
Mill Plant2 : Plant manager/foreman and printers on VLAN30 (10.0.30.x) with Mill2 L3 as Gateway (10.0.30.3), Mill Equipment and PLCs on VLAN 31,32,33 (10.0.31,32,33.x) with Office L3 as Gateway (10.0.31,32,33.3)
Mill3 ...
ETC....
Electrical instability (Main Electrical do fail) pushes me to maintain all device gateway to their local building L3 Switch. Internal Building VLANs need to talk to each other so plant doesn't stop. If Mill Plant1 electrical fails, Mill Plant2 connection to Office fails, but VLAN 31,32 still need to be routed for mill to work. Sometime repairs need time, so UPS can't always be a solution. So SG330(Office building) can't route all devices
Ok, I want to replace my old Internet GW with a Sophos SG330... I also want to replace the gateway of my servers to the SG330 10.0.0.248, because my Office Switch 10.0.0.1
has ARP table full issues (Because all servers traffic are routed to PCs)
Now issues when I cloned 2 servers and change their gateway to the SG330 as wanted. Added a policy to HP 9100 and snmp to all VLANs and printing works fine (I'm also testing a Watchguard M400 and even with Rules, as per their support, It can't work because the printer gw are their local L3 Switch)
Now to RDP and Http 8088, even with rules All VLANs to All VLANs RDP, Test PC -> RDP Server Clone times out. To make sure it's not the servers Test PC -> RDP Server Original works. If I change the Test PC gw to 10.0.0.248, it works with the Clone Server.
Traceroute:
Test PC (10.0.20.101) RDP request -> gw Mill1 L3 Switch 10.0.20.2/10.0.0.2 -> RDP Server Clone (10.0.0.49) -> gw SG330 10.0.0.248/10.0.20.248 -> Test PC (10.0.20.101) ->Times Out
Test PC (10.0.20.101) RDP request -> gw Mill1 L3 Switch 10.0.20.2/10.0.0.2 -> RDP Server Original (10.0.0.55) -> gw Office L3 Switch 10.0.0.1/10.0.20.1 -> Test PC (10.0.20.101) ->Success
Test PC with gw changed to SG330 (10.0.20.101) RDP request -> gw SG330 10.0.20.248/10.0.0.248 -> RDP Server Clone (10.0.0.49) -> gw SG330 10.0.0.248/10.0.20.248 -> Test PC (10.0.20.101) ->Success
Does anyone know why my first test fails? I think it should work because the network printers work. And Server and Printers have a SG330/L3 Switch gateway mix. I'm probably missing something.
This thread was automatically locked due to age.
