PLCITS

asked on

Ping general failure windows 7

I have 2 VLANs, 10.1.1.x and 10.1.2.x. When I ping from 10.1.1.x to 10.1.2.x it is answered, but when I ping from 10.1.2.x to 10.1.1.x I get Ping General Failure. Why?

I have the policy in the firewall and I have the router correct.

The only difference is that on the 10.1.2.x computer I don't set the gateway, because I don't want internet on that computer, just the network. But when I add the gateway I have communication from 10.1.2.x to 10.1.1.x. Is it incorrect not to set the gateway, or should it work without a gateway?
ASKER CERTIFIED SOLUTION
Tom Cieslik
Hi,

You can translate default gateway in router; this router knows the way to the other VLAN but also to the internet.
You can leave the default gateway out, but then you have to add a manual route to the Windows 7 machine:

route -p add <destination network> mask <net mask> <gateway>
(The command likes an elevated prompt)

You can experiment without the -p which makes the route permanent.

Yes, here it needs the gateway, but it is used only for e.g. the 10.1.1.0/24 network.

Cheers
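
An added example, not part of the original thread: a longest-prefix-match lookup over the three routing tables discussed here (no gateway, a static route to 10.1.1.0/24 only, and a default gateway), showing which destinations the 10.1.2.x host can send to in each case. The router address 10.1.2.1, the host addresses and the 203.0.113.10 "internet" target are constructed values.

```python
import ipaddress


def table(*entries):
    """Build a routing table from (CIDR, next hop) pairs."""
    return [(ipaddress.ip_network(net), hop) for net, hop in entries]


def lookup(routes, dst):
    """Longest-prefix match. Returns the next hop, 'on-link', or None.

    None means no route matches, so the host has nowhere to send the
    packet; this is the case the asker sees as a general failure.
    """
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in routes if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Assumed addressing: host in 10.1.2.0/24, router interface at 10.1.2.1.
ON_LINK = ("10.1.2.0/24", "on-link")

# 1. No default gateway configured: only the local subnet is known.
NO_GATEWAY = table(ON_LINK)

# 2. Static route only, as in:
#    route -p add 10.1.1.0 mask 255.255.255.0 10.1.2.1
STATIC_ROUTE = table(ON_LINK, ("10.1.1.0/24", "10.1.2.1"))

# 3. Default gateway configured: everything off-link goes to the router.
DEFAULT_GW = table(ON_LINK, ("0.0.0.0/0", "10.1.2.1"))

# Constructed sample destinations.
TARGETS = {"same VLAN": "10.1.2.20", "other VLAN": "10.1.1.20",
           "internet": "203.0.113.10"}


def reachability(routes):
    """Map each sample destination to the next hop the host would use."""
    return {name: lookup(routes, ip) for name, ip in TARGETS.items()}


if __name__ == "__main__":
    for label, routes in [("no gateway", NO_GATEWAY),
                          ("static route", STATIC_ROUTE),
                          ("default gateway", DEFAULT_GW)]:
        print(f"{label:16} {reachability(routes)}")
```
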

You can put a fake DNS in the NIC properties or edit the user's HOSTS file (you can do it using GPO) and put your DNS as 127.0.0.1.
Without DNS they are not going to be able to surf the internet.

Two different subnets require a router to do the routing for you.

If you provide a default route to the other subnet like 0.0.0.0 10.2.2.1 you will still provide internet to that subnet.

What you want to do is allow the router to do its job but create a rule in the firewall or router to block second subnet from using the internet.

So a simple rule would block (2) subnet UDP/TCP port 53 on WAN from WAN interface.

So local DNS would work, but not for internet.

Or port forwarding, so forward all DNS requests on (2) subnet to (2) subnet local host.

What type of machines are on 10.1.2.x? And what software is on them? That has a decent probability of being a software-related issue. Sometimes it can be antivirus software, sometimes a VPN client. Target a few applications and uninstall one at a time, then try to ping.

For the system you do not want on the internet, do your block at the router or firewall.