07-12-2009 06:42 PM - edited 03-06-2019 06:43 AM
I'm running a duplicate pre-HA setup where my firewalls are attached to a core switch directly attached to a router. None of my firewalls are connecting to their internet addresses. Am I missing a statement within my switch config? Is it on the router? Any help would be greatly appreciated.
07-12-2009 06:53 PM
Earl
There is not enough information here for us to give you much help. First of all it would help if we had some detail about the topology. You describe firewalls connected to switch connected to router. Is this the path to the internet from the firewall? Second we would need to see some detail about how the firewalls, the switch, and the router are configured - especially how any static routes are configured. And it would be helpful if you could provide some details from the routing tables of the devices, pointing out how the actual content of the routing table differs from what you expect.
HTH
Rick
07-12-2009 06:59 PM
Could be any of those :)
So, I'm assuming you have public IPs assigned to your firewalls, and they connect via layer 2 to your router interfaces.
Your firewalls (ASA or PIX) should have a default route set to point to your router interfaces.
When you say your routers aren't connecting to their internet addresses, what do you mean? They can't ping each other's outside interfaces? Can they both talk to the internet? Can they both talk to your border router?
Craig
07-12-2009 07:09 PM
Craig
When I first read the post I assumed that the topology is as you describe it with the firewalls connected directly to the internet. But then I noticed that the original post says explicitly: "None of my firewalls are connecting to their internet addresses." and that is why I asked for clarification about the topology.
HTH
Rick
07-12-2009 08:57 PM
Rick,
Yeah, I had the same thing you posted run through my head right after I hit "post", you just thought yours through better than I did, I have a tendency to just start slamming on my keys sometimes :)
Craig
07-12-2009 07:14 PM
I've attached a network diagram of the connections.
ip nat inside source static 172.16.200.2 65.220.58.9
ip nat inside source static 172.16.200.10 65.220.58.11
ip nat inside source static 172.16.200.18 65.220.58.13
07-12-2009 08:58 PM
Earl,
I think you forgot the diagram, and which device are those NAT configurations applied to, the firewall or the router?
Craig
07-12-2009 07:17 PM
My core switch environment has no problem reaching the internet via the real IP. It's the secondary IPs that are not connecting.
07-12-2009 09:39 PM
Earl,
Please explain a bit more about your topology in detail.
Toshi