?
Solved

Watchguard Unable to Access IP on Same Subnet

Posted on 2013-06-21
16
Medium Priority
?
502 Views
Last Modified: 2013-07-14
we have a web based device that we were able to access fine before installing the watchguard and now are not able to.. here is the scenario
the Site is at IP - *.*.173.130 / 28.. Our Static IP is *.*.173.131 / 28. i am able to access this site from other locations... To test i bypassed the firewall by plugging in the Ethernet cable directly from the ISP to my PC and gave it the static IP of *.*.173.131... i originally assumed this to be a routing issue at the ISP level As I am able to access it just fine bypassing the watchguard.  I have added a route for that IP using the Gateway of the watchguard with no luck
0
Comment
Question by:bdsstep
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 7
16 Comments
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267063
Which watchguard firewall
0
 

Author Comment

by:bdsstep
ID: 39267071
XTM25
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267072
you need to create an inbound policy so that the traffic is routed to the internal ip

open up the ports
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 

Author Comment

by:bdsstep
ID: 39267079
Sorry, Maybe my post was not correct, or i am mis undestanding...
the Web Device that we need to access is at .130
OUR IP with the Watchguard XTM25 is .131

on the .130 it is setup as a straight NAT on port 80 and IS accessible from anywhere else in the world, just not from behind this Firebox.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267086
ok my fault.  you need to have a policy to let out traffic to port 80 from internal ip addresses to to your external isp
0
 

Author Comment

by:bdsstep
ID: 39267094
we are not filtering or blocking any outbound traffic... we are also not able to Ping the .130 (web interface)
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267096
mine is setup as a http proxy from my internal ip addresses to my external port that goes out to my isp
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267098
can you put screen shots on here of your policy with ip addresses
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267103
do you have a log file from the watchguard
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39267123
For ping you need to open icmp
0
 

Author Comment

by:bdsstep
ID: 39267127
We are Not Blocking Any outbound traffic.  so i don't think it is a policy issue, it appears to be a routing issue... without the route i get

PING *.*.173.130 (*.*.173.130) 56(84) bytes of data.
From *.*.173.131 icmp_seq=1 Destination Host Unreachable
From *.*.173.131 icmp_seq=2 Destination Host Unreachable
From *.*.173.131 icmp_seq=3 Destination Host Unreachable
0
 

Author Comment

by:bdsstep
ID: 39267134
ICMP is enabled on the .130 end.. I am able to ping it from any other location
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39272496
do you have any log files
0
 

Accepted Solution

by:
bdsstep earned 0 total points
ID: 39272694
we have contacted our ISP and they have decided to give us and IP in a different Subnet to resolve the problem.
0
 
LVL 9

Expert Comment

by:Mike Roe
ID: 39272818
that works too
0
 

Author Closing Comment

by:bdsstep
ID: 39324418
figured it out on our own
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month8 days, 18 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question