Well, after about 7 hours worth of work stuck into this issue, I'm looking for a little advice. I'm trying to use Astaro Security Gateway software on a machine thats on the inside edge of the DMZ. I have a Cisco 2600 series on the outside edge of the DMZ running NAT overload. Astaro and the Cisco router both show the links as being up, but neither can ping the other. Workstations inside the network can ping up to the DMZ side of the Astaro box, but no further, and don't have internet access. A workstation stuck in the DMZ for troubleshooting this can reach the internet fine. I should mention this is all in a test environment at the moment. I've got an external router address of 10.155.220.192. My DMZ network is 192.168.1.0 with .1 being assigned to the router and .254 being assigned to the DMZ side of Astaro. The internal network is a 172.16.0.0 network. Both devices (Cisco router and Astaro) run fine when used alone, but it's only when I try to use both. For testing I have checked all boxes allowing pings on Astaro and have an "any any" statement on the firewall to allow all traffic (until I can fix this problem) I was assuming it was a double NAT issue, but an virtually identical test environment set up apparently exactly the same way by someone else works with no issues. Any suggestions would be GREATLY appreciated!!!

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Using Astaro on Inside edge of DMZ

Well, after about 7 hours worth of work stuck into this issue, I'm looking for a little advice.

I'm trying to use Astaro Security Gateway software on a machine thats on the inside edge of the DMZ. I have a Cisco 2600 series on the outside edge of the DMZ running NAT overload. Astaro and the Cisco router both show the links as being up, but neither can ping the other. Workstations inside the network can ping up to the DMZ side of the Astaro box, but no further, and don't have internet access. A workstation stuck in the DMZ for troubleshooting this can reach the internet fine.

I should mention this is all in a test environment at the moment.

I've got an external router address of 10.155.220.192.

My DMZ network is 192.168.1.0 with .1 being assigned to the router and .254 being assigned to the DMZ side of Astaro.

The internal network is a 172.16.0.0 network.

Both devices (Cisco router and Astaro) run fine when used alone, but it's only when I try to use both.

For testing I have checked all boxes allowing pings on Astaro and have an "any any" statement on the firewall to allow all traffic (until I can fix this problem)

I was assuming it was a double NAT issue, but an virtually identical test environment set up apparently exactly the same way by someone else works with no issues.

Any suggestions would be GREATLY appreciated!!!

This thread was automatically locked due to age.

Parents

0 BAlfson over 13 years ago

OK, so it's: (Cisco router)192.168.1.1 -->192.168.1.254 (Astaro)172.16.0.? --> (Switch) --->172.16.0.0/??(Workstations)

Why would two perfectly-functionning machines connected directly on the same subnet not "see" eachother? It must be a hardware problem - cable, MTU, full/half-duplex, speed? Try putting a switch between them with different Ethernet cables.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 techno.kid over 13 years ago in reply to BAlfson

Did you have a look in your CAM table on the cisco router and did you do a "arp" on the ASG? What do you see?

techno.kid
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 techno.kid over 13 years ago in reply to BAlfson

Did you have a look in your CAM table on the cisco router and did you do a "arp" on the ASG? What do you see?

techno.kid
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data