I have a router connected to the internet with BGP routing, and my router connects to my firewall with a static route. Strangely, from outside/internet they can access my DMZ/public server, but from inside I can't ping my public server IP. I believe this is not an ACL issue but a routing issue?
To clarify, you're trying to ping from an end host, say a desktop PC, to your server that lives in the DMZ?
From reading the details though:
ip route 192.168.0.0 255.255.0.0 22.214.171.124
ip route 192.168.100.0 255.255.255.0 126.96.36.199
You have these static routes in place for 192.168.X.X to 188.8.131.52 and 192.168.100.X via the same IP?
Further reading suggests you're pushing those routes at your firewall, which protects your LAN and DMZ and appears to be an ASA or ASR device.
1. Have you checked there is a route present for internal corporate users to access the DMZ?
-- I'm not 100% on firewall software; however, in the IOS world it would be 'show ip route X.X.X.X' (changing X.X.X.X for the IP of the box you're trying to reach).
2. Have you put in place an ACL that permits the corporate LAN users to reach those devices within the DMZ?
-- You should be able to confirm this by seeing the hits on the ACL
3. Are you sure the firewall is correctly configured to handle the packets coming at it from both sides?
-- You would need to check this with the firewall forums to make sure it's configured properly.
4. Do you have a traceroute (tracert for Windows) from the box you're testing to the server in question? This will tell you where the issue lies, as the last hop will give you an idea of where to start looking.