Hello Team,I am running into a problem where we are not able to locate the issue. We have network of 10 aruba 1930- instant on switches, one of those are used as core switch. Vlans with their interfaces are created on the core switch, intervlan routing is working properly. For internet, i created a vlan 100 and gave it ip 10.10.100.1/24 , and untagged it on a port on the core switch. This port is connected to physical interface on hillstone firewall of ip 10.10.100.2/24. Default route is created on the core switch created 0.0.0.0 0.0.0.0 10.10.100.2 .Default route on the firewall is created to the internet gateway. Also static routes created on the firewall for reaching the internal vlans ( for example for vlan 10 : ip route 192.168.10.0 255.255.255.0 10.10.100.1 ) . Natting is configured on firewall, also proper policy rules are configured to allow internal packets to the internet.
The behavior from core side and firewall side is similar. From core side we are able to ping the firewall interface but still cannot reach internet, traffic is outgoing only when it comes to internet traffic. From firewall side, we are able to ping the core switch interface , and the SVIs as well, the weird thing is that we are not able to ping internal devices but able to ping their gateway. For example, from firewall i cannot ping a device in vlan 10 on core switch ( 192.168.10.5 ) , it failed , but i can ping the 192.168.10.1. When doing tracert from firewall to 192.168.10.1 the routing is correct where the hop is 10.10.100.1 , but when doing tracert from firewall to internal device ( 192.168.10.5) the routing is not correct and the next hop is the internet gateway ( 192.168.250.1 ). Below is an illustration of the setup . Actually i am beginning to run out of ideas , appreciate your support, thank you
------------------------------
mohammad shamseddine
------------------------------