Port forwarding to a different VLAN

SOLVED
Announcer
Getting noticed

Port forwarding to a different VLAN

My native vlan is 192.168.10.0.  I created a new vlan to host just the webserver mimicking a DMZ.  The new vlan20 is 192.168.20.0.  

I have allowed vlan20 in the "allowed vlan's" on the active port along with the native vlan1

The web server is 192.168.20.5 and I port forward port 80 to this address.  

However, when I move the webserver from the current .10 network to the vlan20 network, people cannot access it from the web.  What am I doing wrong or what more needs to be done?

1 ACCEPTED SOLUTION
Announcer
Getting noticed

Update:  Turns out the dns entry for www was pointing to old server.  Changed it to new server and access to web is ok.  Always dns....

View solution in original post

6 REPLIES 6
Announcer
Getting noticed

KarstenI
Kind of a big deal

  1. Did you reconfigure the Webserver for the new subnet and the correct MX IP as the gateway?
  2. Can you reach the Webserver from the MX and vice versa?
  3. Can you reach the web server from the internal network?
Brash
Head in the Cloud

That's a good guide to follow.

Is your web server directly connected to the MX or elsewhere in the network?

Is the webserver tagged correctly with the new vlan?

Are you able to reach it from another computer in the network on vlan 20?

Hi, an update here.

It is a linux machine btw.  I was able to change the current ip on it to xxx.20.5 and could ping it from vlan1 and another pc in vlan20, and from the MX.  I adjusted the port forward to xxx.20.5 port 80 but the website does not resolve.  Is there a time frame that needs syncing?

The webserver has xxx.20.1 as the default gateway which was setup with the vlan

PhilipDAth
Kind of a big deal

Forget the web forwarding for the moment, and make sure the webserver has Internet connectivity.  Make sure you web browse to the Internet.

 

Once you know that works, take a look at Windows firewall (and any software firewall).  If you have moved the subnet it is in, Windows might have changed to blocking all inward ports again.

 

Once you know those two are good, come back to the inbound forwarding.  Can the MX ping the web server ok (to verify network connectivity)?

Announcer
Getting noticed

Update:  Turns out the dns entry for www was pointing to old server.  Changed it to new server and access to web is ok.  Always dns....

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels