Disclaimer

The content of this material are challenges faced onsite and how I personally resolved them. Please be noted that solutions posted here

1> should not be considered as ultimate. The material may be considered for reference only.

2> should not be considered as guarantee that solutions may work. Contact Cyberoam support before making any changes.

3> blog does NOT belong to the Cyberoam. It's a blog...a personal blog.

Changes done after referring this site may seriously damage the network. So...

........DO CHANGES AT YOUR OWN RISK

(please contact cyberoamsupport before implementing any changes)

Friday, 2 December 2011

Deployment Scenario 1

Current Network:

Internet-->PIX-->Cisco 2800-->Cisco Catalyst 3560-->Cisco 2900 switch

After deploying CR:

Internet-->CR-->Cisco 2800-->Cisco Catalyst 3560-->Cisco 2900 Switch

More on Network:


  • There were vlans on the network.
  • there were multiple 2900s connected to catalyst 
  • catalyst was responsible for the intervlan routing
  • NAT was only done on pix, so will the cyberoam.
Issue:  No user from any VLAN was able to access internet

Debugging:
1> users were able to reach Cisco 2800
2> From Cisco 2800 we could ping CR and the vlan computers
3> From CR we could ping Cisco 2800 WAN interface but not the LAN interface IP. 

Clearly it was a routing issue. So we created static routes for a single vlan just to confirm. The static route we added was

if the destination is vlan 1 subnet then next hop will be cisco 2800 wan ip address

And it started working. 



Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)