SA 520w-k9, two problems

Unanswered Question
Sep 27th, 2010

Hi!

# Nr 1

Now we finaly upgraded to latest fw .42 and tryin to setup DMZ network using IP alias. I am going through the pdf manual with the two public IPs. We have a webserver on the DMZ network running (Win server 2003) but when we try to (From LAN) http://adress.to.webserver then we always end up in the routers login-page! From outside LAN it cant find the adress. I have tryed a lots of different settings but everytime ending up with the loginscreen of the router? However when I try the ftp everything working ok.

When we from LAN type the numeric IP to the server its OK..

Settings right now:

DMZ port 172.16.2.1

Webserver:

IP 172.16.2.30 (defined in the router)

Mask: 255.255.0.0

DNS: 172.16.2.1

Gateway: 172.16.2.1

We have an DNS server running @ 192.168.10.1

We have setup some rulez in the firewall pointing at the public IP allowing FTP and HTTP and full access from LAN to DMZ

# Nr 2

We have a VPN tunnel up and running (Site to Site) with a preshared key. The connection drops very often (2-3 days interval) and the only thing to do is to reboot the router! When the connection is dropped and you look at the staus page is still say that the connection is Established, when its not. So its very confusing and I dont know how to find the problem causing the connection drop.

We have to of these routers and not very pleased, often the access to internet just drop and only thing is to reboot router and its good to go for maybe if your lucky a week..

Best regards Tom

Attachment: 
I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
riroe Mon, 09/27/2010 - 03:13

The latest firmware for the SA520 is 1.1.65. You may want to upgrade to this latest firmware and see if this

corrects your problems.

THANKS

pamela666 Tue, 09/28/2010 - 02:03

tnx for your reply!!

I have now the latest fw, but still the same isue with the DNS settings of the DMZ, Can someone tell me the settings for DNS? shall Enable DNS Proxy be checked? We have an dedicated DNS server running on our network. And what about the settings in the webserver network config?

The settup now is:

LAN 192.168.10.xxx

DNS 192.168.10.1

DMZ Port: 172.16.2.1

DMZ webserver: 172.16.2.30

Thanks for all help....

Best regards....

juliomar Mon, 10/11/2010 - 09:45

Hi Tom,

It seems to me that the server name is not being resolved to its WAN IP address. From what I can tell from your comments when you look for "http://www.myserver.mydomain.com" it is being resolved to the IP of the WAN interface, which would launch the router's login page.  You need to have the URL "http://www.myserver.mydomain.com" resolve to your 2nd WAN IP address (the ALIAS).  You may need to contact the vendor where your domain names are registered to add your new server information.

That should take care of external access of your website.

Now for LAN access to the server  by name, you can accomplish this by using what is known as split-brain DNS, or by creating a forward lookup zone called myserver.mydomain.com, then add a  Host (A) record with a name "www" and the internal DMZ IP address of the server.  Your LAN users will be able to access your webserver by "http://www.myserver.mydomain.com"which resolves to the DMZ IP address.  However, your LAN users must use your LAN DNS or they will go to the WAN to resolve "http://www.myserver.mydomain.com".

As far as Proxy DNS, you can enable it on the DMZ interface if and only if the computer on DMZ must resolve names through your service provider's DNS.

Hope this helps you out.

Do let us know if you have issues with connection drops.

Best regards,

Julio Martinez

Actions

This Discussion