mcmib
Explorer

CCSE Lab R81.20

Hi Bro,

I’m in the process of constructing a CCSE Lab R81.20 and have encountered an unusual issue that has been perplexing me for the past two weeks.

According to the experimental topology, the eth1 port of a firewall, designated as A-GW, is linked to the eth0 port of a router named Border-Router. The router’s eth1 port provides a connection to the internet. The IP address assigned to A-GW’s eth1 port is 203.0.113.1, while Border-Router’s eth0 port is configured with the IP address 203.0.113.254.

At present, A-GW is able to ping Border-Router’s eth0 port successfully. However, it is unable to ping the IP address 8.8.8.8 or establish any internet connectivity. Interestingly, PCs within the same network segment have no issues accessing the internet. Oddly enough, altering A-GW and Border-Router's IP address to a different network segment, such as 10.10.10.0/24 or 203.0.140.0/24, without modifying any other settings, suddenly enables internet access for the firewall.

Could you suggest what might be causing this issue?

 

Thank you so much!

0 Kudos
2 Replies
Timothy_Hall
Champion

For my ATC lab setups I just use Vyatta as the Border-Router which is very simple to set up with some static routing & masquerade NAT to permit Internet access.  Run a packet capture on the external interface of Border-Router, are the pings sent by the gateway actually leaving the outside interface of Border-Router?  (probably) Are they NATted correctly? (probably not)  For successful pings initiated from behind A-GW what NAT address are those networks hiding behind?  What happens if you hide them behind the gateway's 203.0.113.1 address instead? 

My guess is that you have left the Install On field of your NAT rules at "Any" and not confined them to a single gateway, and both A-GW and Border-Router are attempting to execute each other's NAT rules inappropriately.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
(1)
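The capture check suggested in the reply above, as an added example that is not part of the thread: it reads `tcpdump -n icmp` text output taken on Border-Router's outside interface and reports, per source address, whether pings to 8.8.8.8 left translated or untranslated and how many were answered. The router's outside address (`ROUTER_OUTSIDE_IP`), the sample capture lines and the function name `classify_pings` are assumptions made for the example.

```python
import re
from collections import defaultdict

# Assumption: Border-Router's outside (eth1) address; the thread does not state it.
ROUTER_OUTSIDE_IP = "198.51.100.2"
TARGET = "8.8.8.8"

# Constructed sample in `tcpdump -n icmp` text format (not taken from the thread).
SAMPLE_CAPTURE = """\
10:00:01.000100 IP 198.51.100.2 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
10:00:01.012300 IP 8.8.8.8 > 198.51.100.2: ICMP echo reply, id 7, seq 1, length 64
10:00:05.000200 IP 203.0.113.1 > 8.8.8.8: ICMP echo request, id 9, seq 1, length 64
10:00:06.000200 IP 203.0.113.1 > 8.8.8.8: ICMP echo request, id 9, seq 2, length 64
"""

LINE_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)


def classify_pings(capture_text, outside_ip=ROUTER_OUTSIDE_IP, target=TARGET):
    """Return {source_ip: verdict} for echo requests seen going to `target`.

    An empty dict means no ping to `target` left the captured interface.
    """
    requests = defaultdict(set)  # source address -> {(icmp id, seq)}
    replies = defaultdict(set)   # reply destination -> {(icmp id, seq)}
    for line in capture_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an ICMP echo line
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request" and m["dst"] == target:
            requests[m["src"]].add(key)
        elif m["kind"] == "reply" and m["src"] == target:
            replies[m["dst"]].add(key)

    verdicts = {}
    for src, sent in requests.items():
        # Hidden behind the router's own address means NAT was applied.
        state = "translated" if src == outside_ip else "untranslated"
        answered = sent & replies[src]
        verdicts[src] = f"{state}, {len(answered)}/{len(sent)} answered"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify_pings(SAMPLE_CAPTURE).items():
        print(f"{src}: {verdict}")
```

An "untranslated" source of 203.0.113.1 with no answers would match the "probably not" case in the reply: the packets leave Border-Router but are not hidden behind its outside address.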
mcmib
Explorer

Hello Timothy_Hall,

 

Thank you so much for your advice.

 

The issue has been resolved after deleting a NAT policy that was generated automatically.

 

Have a great weekend!

 

Thanks again! 

0 Kudos
