Can't access separate company LAN from our DMZ
Posted on 2007-03-21
I have a puzzling problem. We have:
A DMZ (10.1.8.1)
A Public Internal network (10.1.10.1)
A Private Internal network (10.1.9.1)
A sister site's network (10.1.4.1). This network is at the other end of a 100Mb LES link.
At either side of the LES link is an Avaya Layer 3 switch (10.1.10.254) on the public internal network and (10.1.4.1) at the sister site's network.
In between the two layer 3 switches on the LES link we have a 10.1.5.1 network
Now, I have opened up rules on the FW to allow data to pass between 10.1.8.5 & 10.1.4.20
I can ping 10.1.8.5 from 10.1.4.20 and see the following tracert:
Hop 1 : 10.1.4.1 (default gateway - on Layer 3 switch at sister site)
Hop 2 : 10.1.5.2 (our side of the internal LES 100 link - on Layer 3 switch at our site)
Hop 3 : 10.1.10.1 (internal public firewall interface at our site)
Hop 4 : 10.1.8.5 (destination machine on DMZ)
However, when I try to send a tracert the other way, I get:
Hop 1 : 10.1.8.1 (DMZ firewall interface)
Hop 2 : 10.1.10.254 (our side of the Layer 3 switch at our site)
Hop 3 : * * * Request Timed out
It IS POSSIBLE to contact the 10.1.4.0/24 site from the 10.1.9.0/24 & 10.1.10.0/24 networks, just not from the 10.1.8.0/24 networks!
I'm at the end of my tether with this now. Please can someone help me!