
Can't access separate company LAN from our DMZ

Hi All,

I have a puzzling problem. We have:

A Public Internal network (
A Private Internal network (
A sister site's network ( This network is at the other end of a 100Mb LES Link

At either side of the LES link is an Avaya Layer 3 switch, ( on the public internal network and ( at the sister site's network.

In between the two layer 3 switches on the LES link we have a network

Now, I have opened up rules on the FW to allow data to pass between &

I can ping from and see the following tracert:

Hop 1 : (default gateway - on Layer 3 switch at sister site)
Hop 2 : (our side of the internal LES 100 link - on Layer 3 switch at our site)
Hop 3: (internal public firewall interface at our site)
Hop 4 : (destination machine on DMZ)

However, when I try to send a tracert the other way, I get

Hop 1 : (DMZ firewall interface)
Hop 2 : (our side of the Layer 3 switch at our site)
Hop 3 : *     *    *  Request Timed out

It IS POSSIBLE to contact the site from the & networks, just not from the networks!

I'm at the end of my tether with this now, please can someone help me!

1 Solution
Do you see the ping or other traffic in your SmartView Tracker logs? You should see encrypts going out and decrypts coming in.

Run a TCP Dump and determine if you have ESP packets leaving your GW when you ping out.
How are they addressed? Do you have NAT enabled in any way?
A4eIT (Author) Commented:
Hi all, turns out to be a NAT problem.
Question has a verified solution.