troubleshooting Question
Is it possible using ONLY ESXi to pass traffic through multiple subnets?
Steve Jennings asked on
I am trying to create a lab with a the virtual machines show in the drawing below. I want traffic to pass from WS-1 -> ASA-1-> vpn-tunnel -> ASA-2 -> Palo Alto -> WS-2.
I've added a diagram.
What I want to be able to do is ssh / http / ping from the workstation at the top of the page to the workstation at the bottom of the page. I have created virtual switches, created the VPNs and configured BGP. The Palo Alto and the ASAs are exchanging routes. Each workstation has the attached ASA as it's default gateway.
I am new to Palo Alto and the first problem I am encountering is actually setting up rules, polices, zones, etc. I think the rules are set up properly. However, the first thing I noticed when trying to ping from the top (WS1) to the bottom (WS2) is that WS1 ARPs for its gateway were hitting WS2. THAT makes me think what I am trying to do isn't possble.
Can anyone say this will or will not work without some sort of external routing or another VM that actually routes like pfsense?
Thanks,
Steve
I've added a diagram.
What I want to be able to do is ssh / http / ping from the workstation at the top of the page to the workstation at the bottom of the page. I have created virtual switches, created the VPNs and configured BGP. The Palo Alto and the ASAs are exchanging routes. Each workstation has the attached ASA as it's default gateway.I am new to Palo Alto and the first problem I am encountering is actually setting up rules, polices, zones, etc. I think the rules are set up properly. However, the first thing I noticed when trying to ping from the top (WS1) to the bottom (WS2) is that WS1 ARPs for its gateway were hitting WS2. THAT makes me think what I am trying to do isn't possble.
Can anyone say this will or will not work without some sort of external routing or another VM that actually routes like pfsense?
Thanks,
Steve
Learn from the best
Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.
Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 12 Comments.
Try for 7 days”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.
Our community of experts have been thoroughly vetted for their expertise and industry experience.
The Fellow title is reserved for select members who demonstrate sustained contributions, industry leadership, and outstanding performance. We will announce the experts being inducted into the Experts Exchange Fellowship during the annual Expert Awards, but unlike other awards, Fellow is a lifelong status. This title may not be given every year if there are no obvious candidates.
The Expert of the Year award recognizes an expert who helped improve Experts Exchange in the past year through high levels of contributions and participation on site. This award is given to the expert who has achieved the highest levels of participation, while maintaining quality contributions and professionalism.