Cisco SA520 IP Alias port forward issue

Aug 11th, 2010

Hi,


I have a SA520 and have set up our IP aliases for the WAN interface, but when I set the firewall rule to allow traffic and forward it to an internal LAN address it does not work. The logs show that it is still dropping the packets.


I have rechecked the settings a few times and even tried with all the attack security switched off but it still does not work.


We are running firmware 1.1.42,


Is it possible it needs a hardware restart? I have rebooted it using the interface and there is still no joy.



Regards,


Allan

allan.lowe Thu, 08/12/2010 - 03:58

Update,


I have upgraded to the new RC2 firmware in the hope that that may shed some light on the issue. Now there is nothing showing up in the firewall logs when I try to connect to the IP alias, and the connection is still not succeeding.


I'm trying a soft reboot to see if it needed that after the firmware update in addition to the automatic reboot.


I'll keep updating as I find out more.


Allan


Edited: Well, the reboot did not change anything; the firewall rules do not work and the logs still are showing my connects since updating the firmware.


On a side note, should I be able to telnet to the firewall? I know it's wishful thinking but I was hoping it might run IOS.


Also forgot to say I'll be onsite tomorrow so will try a hard reboot then. (Clutching at straws now.)

allan.lowe Thu, 08/12/2010 - 05:45

Well, I have realized that the logging has decided not to log or at least show denied packets. Not sure how this changed (must be linked to the install of the firmware).


So still at a bit of a loss.

nmanglik Fri, 08/20/2010 - 17:24

Hi Allan,



We are not seeing this issue that you are reporting but would like to replicate what you are seeing. If you send us your configuration file, I will load it and try it out locally. Please change any password sensitive information from the configuration. Also, if you are not comfortable posting it on the support community, you can send it to us through private message.


Thanks,

Nitin

Brian Bergin Mon, 08/23/2010 - 08:21

Allan,


Can you post a screenshot of your IPv4 Firewall Rules?

allan.lowe Tue, 08/24/2010 - 03:14

Hi,



I have removed the external IP but it is correct (the first alias). The service RDP is port 3389 (it works on the WAN1 rule). The only difference is that the second rule has a defined external IP from the alias list, but all the packets are dropped for this connection when I see them hitting the firewall.

Regards,


Allan

allan.lowe Thu, 08/12/2010 - 07:09

Well, I have checked by using logging software and the packets are still hitting the firewall, just getting declined.


I have double-checked that all outbound traffic is allowed and the inbound rules are correct, so I'm still none the wiser.

allan.lowe Mon, 08/23/2010 - 00:28

Hi,



Thanks for your reply, I'll send you a PM now.



Regards,


Allan

allan.lowe Tue, 08/24/2010 - 03:15

Hi,


You should have received an email from me with the attachment.


Thanks,


Allan

allan.lowe Mon, 09/06/2010 - 01:01

Hi,


This is now solved,


The issue is that the IP address I was trying to port forward to was on the other side of a LAN to LAN VPN and as such ran on a different subnet to the LAN interface of the router.


To solve the issue I had to redirect the port forward to a device on the same side of the LAN2LAN and on the same subnet. For this instance it did not matter, as the server was accessible using either method.


Thanks to everyone who helped.


Allan.
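
The root cause reported in the last post can be checked before a rule is deployed. The following is an added example, not part of the original thread and not Cisco code: it classifies each port-forward target as on the firewall's LAN subnet, across the LAN-to-LAN VPN, or elsewhere. All subnets, addresses and rule names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample values for illustration; none come from the thread.
LAN_SUBNET = ip_network("192.168.10.0/24")             # firewall's own LAN interface
VPN_REMOTE_SUBNETS = [ip_network("192.168.20.0/24")]   # far side of the LAN-to-LAN VPN

# Constructed forwarding rules: WAN address (or alias), service port, internal target.
RULES = [
    {"name": "rdp-wan1",   "wan_ip": "203.0.113.10", "port": 3389, "target": "192.168.10.50"},
    {"name": "rdp-alias1", "wan_ip": "203.0.113.11", "port": 3389, "target": "192.168.20.50"},
    {"name": "web-alias2", "wan_ip": "203.0.113.12", "port": 443,  "target": "10.9.9.9"},
    {"name": "bad-bcast",  "wan_ip": "203.0.113.13", "port": 22,   "target": "192.168.10.255"},
]


def classify_target(target, lan=LAN_SUBNET, vpn_subnets=VPN_REMOTE_SUBNETS):
    """Return where a forward target sits relative to the firewall's LAN interface."""
    addr = ip_address(target)
    if addr in lan:
        # Network and broadcast addresses are inside the prefix but are not hosts.
        if addr in (lan.network_address, lan.broadcast_address):
            return "not-a-host"
        return "on-link"
    if any(addr in net for net in vpn_subnets):
        return "across-vpn"
    return "off-link"


def audit(rules):
    """Return (rule name, target, classification) for every rule that is not on-link."""
    findings = []
    for rule in rules:
        verdict = classify_target(rule["target"])
        if verdict != "on-link":
            findings.append((rule["name"], rule["target"], verdict))
    return findings


if __name__ == "__main__":
    for name, target, verdict in audit(RULES):
        print(f"{name}: target {target} is {verdict}; forward to a host on {LAN_SUBNET} instead")
```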
