Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 

unable to join another network and internet through the appliance

Hello community, I need your help. in fact I had to deploy a 3200 applicance under GAIA R80.20 to a client who already has an ASA cisco that I have to replace. So after configuring the interfaces, the default route, the DNS and importing the cisco ASA rules, I connected the appliance to the network. But no communication possible through the 3200.

 

LAN SNEPCI.PNG

 

attached the existing architecture with the ASA

0 Kudos
Reply
5 Replies
Admin
Admin

Can you describe what troubleshooting you've done to date?

I tend to start with the basics like making sure you can ping "near" and "far" addresses of the security gateway from the LAN and DMZ. And, of course, ping from the gateway itself to various locations.

And of course, look at the logs and see what they have to say. From there it depends on what you find.

0 Kudos
Reply

being in the LAN I can ping the interface close to the gateway, but I can not reach remote interfaces. gateway I manage to join the interfaces that are pockets but not internet. I will now check my logs.

but can you tell me a little what type of log I can find and what will be the possible solutions?
0 Kudos
Reply

being in the LAN I can ping the interface close to the gateway, but I can not reach remote interfaces. gateway I manage to join the interfaces that are pockets but not internet. I will now check my logs.

but can you tell me a little what type of log I can find and what will be the possible solutions?

0 Kudos
Reply
Advisor

Hi,

Would first have a look at ARP tables from Clients and Gateway, if IP<->MAC Resolution is ok? Maybe some VLAN Tags are missing or old ARP entries. If this is OK, try pinging around, as Dameon said.

if Pinging to Gateway is ok, try next step to ISP Router. Also had the case, that on the ISP router there are static or very slowly updated ARP entries.

 

Daniel

0 Kudos
Reply
Champion
Champion

Two things that are missing from the description of the steps you have taken configuring 3200 are:

1. Definition of the gateway topology

2. NAT configuration for the network and server objects

 

Please check the "Networking/Topology" and define them as "External", "Internal"and "DMZ" with later two having appropriate networks behind interfaces.

Additionally, for objects representing hosts in DMZ, configure Static NAT parameters and for networks behind Internal, configure "Hide" NAT behind Gateway Object.

You may want to temporary enable ICMP in the Global Policy properties for troubleshooting and check logs for the NAT action, looking at XLate source and destination.

 

Regards,

Vladimir

0 Kudos
Reply