Solved

Can't access seperate company LAN from our DMZ

Posted on 2007-03-21
2
200 Views
Last Modified: 2013-11-16
Hi All,

I have a puzzling problem, we have:

A DMZ (10.1.8.1)
A Public Internal network (10.1.10.1)
A Private Internal network (10.1.9.1)
A sister site's network (10.1.4.1) This network is at the other end of a 100Mb LES Link

At either side of the LES link is an Avaya Layer 3 switch, (10.1.10.254) on the public internal network and (10.1.4.1) at the sister site's network.

In between the two layer 3 switches on the LES link we have a 10.1.5.1 network

Now, I have opened up rules on the FW to allow data to pass between 10.1.8.5 & 10.1.4.20

I can ping 10.1.8.5 from 10.1.4.20 and see the following tracert:

Hop 1 : 10.1.4.1 (default gateway - on Layer 3 switch at sister site)
Hop 2 : 10.1.5.2 (our side of the internal LES 100 link - on Layer 3 switch at our site)
Hop 3: 10.1.10.1 (internal public firewall interface at our site)
Hop 4 : 10.1.8.5 (destination machine on DMZ)

However, when I try to send a tracert the other way, I get

Hop 1 : 10.1.8.1 (DMZ firewall interface)
Hop 2 : 10.1.10.254 (our side of the Layer 3 switch at our site)
Hop 3 : *     *    *  Request Timed out

It IS POSSIBLE to contact the 10.1.4.0/24 site from the 10.1.9.0/24 & 10.1.10.0/24 networks, just not from the 10.1.8.0/24 networks!

I'm at the end of my tether with this now, please can someone help me!

Thanks
Andy
0
Comment
Question by:A4eIT
2 Comments
 
LVL 6

Accepted Solution

by:
Dooglave earned 500 total points
ID: 18768238
Do you see the ping or other traffic in your SmartView Tracker logs.  You should see encrypts going out and Decrypts coming in.

Run a TCP Dump and determine if you have ESP packets leaving your GW when you ping out.
How are they addressed, Do you have NAT enabled in any way?
0
 

Author Comment

by:A4eIT
ID: 18904196
Hi all, turns out to be a NAT problem
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now