Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Connecting nsa3650 to Cisco 9300 L3 Switch

Hi everyone,

I'm no routing expert and also am new to Sonicwall. I have an NSA360 and a Cisco 9300 and am trying to get everything to play well together.

On the firewall: x20 is the WAN interface with ip x.x.x.x. x21 is the LAN interface with ip 10.10.50.1.

On the switch is svi 10 with an ip of 10.10.10.1 and a pc plugged into one of the ports as 10.10.10.100 with the default gateway of 10.10.10.1. Also svi 50 with an ip of 10.10.50.2 and using an interface as an access port that is connected to x21.

I can ping 10.10.50.2 from the firewall and 10.10.50.1 from the switch. But I can't ping 10.10.10.1 from the firewall and can't ping 10.10.50.1 from the pc.

I've read about adding a route or using virtual interfaces on the firewall. I've tried both but can't get it to work. Any help is greatly appreciated.

Thanks!

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    MasterRoshiMasterRoshi Moderator
    Answer ✓

    Does the switch have a route to the firewall?

    Do you have a route for the 10.10.10.0/24 network on the firewall pointing to the switch IP on a shared segment?

    You likely don't have one which means the firewall will send the reply packet out its default gateway (ISP) or the switch won't forward it to the FW.

Answers

  • AjishlalAjishlal Community Legend ✭✭✭✭✭

    Hi @pinaldps,

    Create the default static route in your CISCO 9300.

    # ip route 0.0.0.0 0.0.0.0 10.10.50.1

    Above command sets destination network to 0.0.0.0/0 that represents all networks.

    If you cannot do the ping from your Firewall subnet to the internal VLAN, You have to create static route in your Firewall too.

    For your reference I hereby mentioned one previous commend for the same request;


  • pinaldpspinaldps Newbie ✭

    I found when I had added the route on the firewall I didn't use the correct gateway ip. Once I corrected it everything works as expected.

    Thanks for your suggestions.

Sign In or Register to comment.