Re: Pretty simple really

#53899
gordonf
Member

As long as your L3 switch is doing the basic routing for the other VLANs, you need to tell that switch to use the ZS ETH01 IP as its own default gateway.

Then you need to add three static routes on ZS back to your L3 switch’s VLAN 1 IP. This is the step that a lot of people forget, because it makes intuitive sense to add routes out, but it doesn’t make intuitive sense to add routes back in.

The resulting routing table in ZS should look something like this:

Destination     Gateway        Genmask        Iface
0.0.0.0 10.10.10.1 0.0.0.0 ETH00
10.10.10.0 * 255.255.255.0 ETH00
172.22.128.0 * 255.255.252.0 ETH01
172.22.150.0 172.22.128.1 255.255.255.0 ETH01
172.22.160.0 172.22.128.1 255.255.255.0 ETH01
172.22.170.0 172.22.128.1 255.255.255.0 ETH01

…in addition you’ll see VPN99 or other interfaces that won’t affect you unless you’re actually using them.

(Edit: I’m used to using ETH00 as my inside interface and ETH01 as my outside, but either way works I think.)