Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

Troubleshooting
Research
Professional Opinions
Ask a Question
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

troubleshooting Question

Can't access seperate company LAN from our DMZ

Avatar of A4eIT
A4eIT asked on
RoutersSoftware FirewallsSwitches / Hubs
2 Comments1 Solution234 ViewsLast Modified:
Hi All,

I have a puzzling problem, we have:

A DMZ (10.1.8.1)
A Public Internal network (10.1.10.1)
A Private Internal network (10.1.9.1)
A sister site's network (10.1.4.1) This network is at the other end of a 100Mb LES Link

At either side of the LES link is an Avaya Layer 3 switch, (10.1.10.254) on the public internal network and (10.1.4.1) at the sister site's network.

In between the two layer 3 switches on the LES link we have a 10.1.5.1 network

Now, I have opened up rules on the FW to allow data to pass between 10.1.8.5 & 10.1.4.20

I can ping 10.1.8.5 from 10.1.4.20 and see the following tracert:

Hop 1 : 10.1.4.1 (default gateway - on Layer 3 switch at sister site)
Hop 2 : 10.1.5.2 (our side of the internal LES 100 link - on Layer 3 switch at our site)
Hop 3: 10.1.10.1 (internal public firewall interface at our site)
Hop 4 : 10.1.8.5 (destination machine on DMZ)

However, when I try to send a tracert the other way, I get

Hop 1 : 10.1.8.1 (DMZ firewall interface)
Hop 2 : 10.1.10.254 (our side of the Layer 3 switch at our site)
Hop 3 : *     *    *  Request Timed out

It IS POSSIBLE to contact the 10.1.4.0/24 site from the 10.1.9.0/24 & 10.1.10.0/24 networks, just not from the 10.1.8.0/24 networks!

I'm at the end of my tether with this now, please can someone help me!

Thanks
Andy
ASKER CERTIFIED SOLUTION
Avatar of Dooglave
Dooglave

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Commented:
This problem has been solved!
Unlock 1 Answer and 2 Comments.
See Answers