network routing issue

Posted on 2010-08-31
Last Modified: 2012-05-10

I have a network routing problem that I need help with. We have a DEV network which is accessible on our LAN. I have made this accessible by installing MS routing and remote access services. I have created a virtual machine with 2 vm nics, one nic is connected to a virtual switch that has an up-link connected to the LAN network and one nic connected to an internal virtual switch with no physical up-link. Other VMs are connected to the internal switch and I can ping all these VMs from the LAN network. I have configured a routing rule on our SonicWall Pro 2040 device so that LAN clients know how to access the DEV VMs. Here are the network addresses

LAN Network - 10.2 /22
DEV Network - 172.16.10 /24

I have specified on the SonicWall Pro 2040 device that if you want to get to the 172.16.10 /24 network, then go to IP gateway of This is the LAN IP address of the VM that has 2 nics and I use this as the gateway for the DEV network.

The problem is I cannot access the DEV network from outside the LAN. For example, I have a DMZ network, 172.16.0 /24 and I need to be able to access the DEV network from the DMZ network. I can ping machines on the LAN from the DMZ, but I cannot ping machines on the DEV network form the DMZ. I noticed that I cannot ping the10.2.4.100 address from the DMZ, but I can ping all other 10.2.4 addresses I chose. I also have site to site VPNs and I need remote sites to be able to access the DEV network so they can access DEV websites and the like.

I am only concerned at the moment about being able to ping IP addresses and not DNS names. Once I get the IP routing working, I will implement DNS for the DEV VMs. I have this working on the LAN at the moment, ie I can ping the DEV machine names and IP address from the LAN.

There are a few things that might come to mind that I have checked. I.e., firewall settings etc. But I think this is a routing issue rather than a firewall config issue. I think there must be something I need to configure on the SonicWall Pro 2040 device to tell machines that if you want to access the DEV network from the DMZ, then routing this way..

Any help would be appreciated

Question by:gladmins
  • 4
  • 3
LVL 20

Expert Comment

ID: 33565844
It looks like you have the routing setup on the sonicwall - assuming that works, i would check the gateway machine that you have setup. Does it have any static routes setup on it.. i.e does it know how to get traffic to the DMZ machines ?

Can you access the dev network from the LAN, if so that suggests that section of the routing is ok, i'd be looking at what the Default gateway on the DevGateway machine is, does it have any static routes to let it know how to get the DMZ and other networks that you will need it to...

I'm thinking that its logical (depending on the layout of your network) that the DevGateway machine has the sonicwall as the default GW ? or does it have a IP address on your coreswitches/routers ? if so, do they have routes for the development ip range ?
LVL 20

Expert Comment

ID: 33565854
step 1 : try a tracetroute from the developmentgateway machine to the DMZ range... see where it goes.
step 2 : if you have any layer3 switching going on (depends on the size of your network) check that the routing table on the switch knows about the development network, do a traceroute to it, and post the results.

LVL 20

Accepted Solution

woolnoir earned 500 total points
ID: 33565872
>I cannot ping the10.2.4.100 address from the DMZ, but I can ping all other 10.2.4 addresses I chose

that makes me think even more ... default GW on Developmentgateway machine or does a route exist or...
does your core router/switch know about the development IP.

The fact you can reach the 10.2.4.X range from the DMZ means the routing is in place, the fact that the address doesnt work, suggests that its the traffic FROM the machine back towards your network thats the issue.
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.


Author Comment

ID: 33566203

Thanks for your comments.  We have no layer 3 in place. It is all layer 2

I can now ping the DEV address from the DMZ after implementing the following KB article

I also removed all firewall restrictions and can now ping from DMZ to DEV..

But I cannot tracert from DMZ to DEV. I can from DMZ to LAN.

I'll pick this up tomorrow but I think I have made progress. Thanks for your help. I will award points when I see it working as you have definitely helped.


LVL 20

Expert Comment

ID: 33566506
Pinging the LAn interface on that box is some progress, but what will aid in diagnosis is if you can ping a VM machine inside, or even traceroute to a VM machine. That will verify if the routing is really working. Once you have that working you can step back and get the DMZ working.

Author Comment

ID: 33574047
Hi woolnoir,

This arcticle definately helped me as the external NIC was not replying to pings.

Enabling ICMP on the external nic helped me trouble shoot what could ping what.

Then I had my default gateways on my W2k3 router messed up. Once I specified only one default gateway to point to the LAN IP address, all my DEV machines then knew how to get to the LAN gateway address and then the SonicWall took care of routing to the DMZ..

Thanks for your help, as you helped covers the basics and which helped sort out this issue..


Author Closing Comment

ID: 33574048
The answers provided by woolnoir helped but it wasn;t the complete solution.

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your computer hacked? learn how to detect and delete malware in your PC
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question