Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 29 subscribers
  • Views 2221 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Traffic between two interfaces (LAN to LAN) only works one way.

newbie_IT

Hello everyone,

I am trying to connect two LAN's that I setup on two separate interfaces (Port 1 and Port 5).

test network

I also created a new zone for the LAN on port 5 called TEST_LAN.

Here are my rules. 

RULE 1: LAN to TEST LAN

Source Zone: LAN

Source networks and devices: 10.0.0.1/21

Destination Zone: TEST_LAN

Destination networks: 172.16.0.1/24

RULE 2: TEST LAN to LAN

Source Zone: TEST_LAN

Source networks and devices: 172.16.0.1/24

Destination Zone: LAN

Destination networks: 10.0.0.1/21

The problem is that I can communicate from the TEST LAN on port 5 to the LAN on port 1. I can ping, access shared resources, web servers, etc.

However, I cannot access anything going from the LAN to TEST LAN. 

I wanted to confirm if this setup is possible. Just to clarify, I have checkout out the other similar posts like this one and could not find a solution. Maybe I am overlooking something simple. I created an SNAT rule for my LAN to TEST LAN connection and that still did not work. I am not sure why this isn't working in both directions.

Thanks in advance!



This thread was automatically locked due to age.
Parents
  • +1

    Have you done any investigation of logs to see why things might be getting dropped or where they're going? Did you make a mistake going from CIDR "/21" notation to net mask notation? Does your test machine on LAN have a proper concept of its network and its gateway?

    (You shouldn't have to fill in both zone and network, in general. Zones are more flexible, so I use "Any" as the network and just specify the zone.)

    Are there intermediate routers/switches and are they set up appropriately (including things like VLANs)? 

    Sorry I don't have a firm answer, just more questions.

  • 0 in reply to Wayne Folta

    Thank you so much! I changed the network to 'Any' and left the Zones as is and that seemed to fix it.

Reply Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?