Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Can't access seperate company LAN from our DMZ

Posted on 2007-03-21
2
Medium Priority
?
208 Views
Last Modified: 2013-11-16
Hi All,

I have a puzzling problem, we have:

A DMZ (10.1.8.1)
A Public Internal network (10.1.10.1)
A Private Internal network (10.1.9.1)
A sister site's network (10.1.4.1) This network is at the other end of a 100Mb LES Link

At either side of the LES link is an Avaya Layer 3 switch, (10.1.10.254) on the public internal network and (10.1.4.1) at the sister site's network.

In between the two layer 3 switches on the LES link we have a 10.1.5.1 network

Now, I have opened up rules on the FW to allow data to pass between 10.1.8.5 & 10.1.4.20

I can ping 10.1.8.5 from 10.1.4.20 and see the following tracert:

Hop 1 : 10.1.4.1 (default gateway - on Layer 3 switch at sister site)
Hop 2 : 10.1.5.2 (our side of the internal LES 100 link - on Layer 3 switch at our site)
Hop 3: 10.1.10.1 (internal public firewall interface at our site)
Hop 4 : 10.1.8.5 (destination machine on DMZ)

However, when I try to send a tracert the other way, I get

Hop 1 : 10.1.8.1 (DMZ firewall interface)
Hop 2 : 10.1.10.254 (our side of the Layer 3 switch at our site)
Hop 3 : *     *    *  Request Timed out

It IS POSSIBLE to contact the 10.1.4.0/24 site from the 10.1.9.0/24 & 10.1.10.0/24 networks, just not from the 10.1.8.0/24 networks!

I'm at the end of my tether with this now, please can someone help me!

Thanks
Andy
0
Comment
Question by:A4eIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
Dooglave earned 2000 total points
ID: 18768238
Do you see the ping or other traffic in your SmartView Tracker logs.  You should see encrypts going out and Decrypts coming in.

Run a TCP Dump and determine if you have ESP packets leaving your GW when you ping out.
How are they addressed, Do you have NAT enabled in any way?
0
 

Author Comment

by:A4eIT
ID: 18904196
Hi all, turns out to be a NAT problem
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tired of waiting for your show or movie to load?  Are buffering issues a constant problem with your internet connection?  Check this article out to see if these simple adjustments are the solution for you.
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question