CCSE Lab R81.20
Hi Bro,
I’m in the process of constructing a CCSE Lab R81.20 and have encountered an unusual issue that has been perplexing me for the past two weeks.
According to the experimental topology, the eth1 port of a firewall, designated as A-GW, is linked to the eth0 port of a router named Border-Router. The router’s eth1 port provides a connection to the internet. The IP address assigned to A-GW’s eth1 port is 203.0.113.1, while Border-Router’s eth0 port is configured with the IP address 203.0.113.254.
At present, A-GW is able to ping Border-Router’s eth0 port successfully. However, it is unable to ping the IP address 8.8.8.8 or establish any internet connectivity. Interestingly, PCs within the same network segment have no issues accessing the internet. Oddly enough, altering A-GW and Border-Router's IP address to a different network segment, such as 10.10.10.0/24 or 203.0.140.0/24, without modifying any other settings, suddenly enables internet access for the firewall.
Could you suggest what might be causing this issue?
Thank you so much!
Labels: Desktop Firewall
For my ATC lab setups I just use Vyatta as the Border-Router which is very simple to set up with some static routing & masquerade NAT to permit Internet access. Run a packet capture on the external interface of Border-Router, are the pings sent by the gateway actually leaving the outside interface of Border-Router? (probably) Are they NATted correctly? (probably not) For successful pings initiated from behind A-GW what NAT address are those networks hiding behind? What happens if you hide them behind the gateway's 203.0.113.1 address instead?
My guess is that you have left the Install On field of your NAT rules at "Any" and not confined them to a single gateway, and both A-GW and Border-Router are attempting to execute each other's NAT rules inappropriately.
Hello Timothy_Hall,
Thank you so much for your advice.
The issue has been resolved after deleting a NAT policy that was generated automatically.
Have a great weekend!
Thanks again!
