troubleshooting Question

Is it possible using ONLY ESXi to pass traffic through multiple subnets?

Steve Jennings asked on
VMware* ESXi 6.7
I am trying to create a lab with the virtual machines shown in the drawing below. I want traffic to pass from WS-1 -> ASA-1 -> vpn-tunnel -> ASA-2 -> Palo Alto -> WS-2.

I've added a diagram.

What I want to be able to do is ssh / http / ping from the workstation at the top of the page to the workstation at the bottom of the page. I have created virtual switches, created the VPNs and configured BGP. The Palo Alto and the ASAs are exchanging routes. Each workstation has the attached ASA as its default gateway.

I am new to Palo Alto and the first problem I am encountering is actually setting up rules, policies, zones, etc. I think the rules are set up properly. However, the first thing I noticed when trying to ping from the top (WS1) to the bottom (WS2) is that WS1 ARPs for its gateway were hitting WS2. THAT makes me think what I am trying to do isn't possible.

Can anyone say this will or will not work without some sort of external routing or another VM that actually routes like pfsense?

Thanks,
Steve
Andrew Hancock - VMware vExpert