I will try and explain my situation here and I hope you get it.
I have a problem with getting traffic from one net to another net and it is now driving me mad as I can't seem to find the error.
The setup: LAN1 (10.0.0.0) has a VPN connection to our DMZ1 (192.168.3.0). In our DMZ1 we have a gateway which routes traffic into SDN!(188.8.131.52) and at the same time transforming (NAT) the IP from the LAN and DMZ into (184.108.40.206/29). Meanwhile we also have an internal LAN2 (192.168.2.0). My problem is that the traffic from LAN1 can't reach the SDN net but when I am on LAN2 I can.
My firewall log isn't showing anything so I don't think the problem is here.
According to your diagram you are trying to connect the remote network 10.0.0.0/27 to your corporate DMZ through VPN connection between the vigor2900 VPN router and Cisco 2821. (Interoperability seems to be tested successfully)
I guess you set a LAN-to-LAN VPN, if you are using a pre-shared key for authentication; here is a typical VPN site-to-site configuration on the Cisco-side:
crypto isakmp policy
crypto isakmp key address
crypto ipsec transform-set
crypto map ipsec-isakmp
access-list permit ip
Make sure that:
- IKE phase1 parameters match between the two devices.
- The same pre-shared key is set in both devices.
- min one transform-set must match.
- ACL on the Cisco and the Vigor device have to be symmetric (mirrored) to guarantee the traffic forth and back.
LAN2 connects directly to the Cisco, then traffic is forwarded to m0n0wall for NATing and doesn't use any VPN; maybe that's why it doesn't present any problem.
Well, the problem is that this is what I have already entered into the ACL. Traffic flows perfectly from LAN1 to DMZ but I still can't get into SDN. I can ping the monowall but the devices after it I can't. These I can access, though, when I sit in DMZ.
NAT'ing works from DMZ and not from LAN1 -> check your translation rules in m0n0wall and what pool of addresses is allowed to be translated; maybe only DMZ IP addresses are allowed. If so, add your LAN1 IP addresses to be translated.
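The two checks suggested in the answers above (mirrored VPN ACLs and NAT source coverage), as an added example that is not part of the original thread. The /24 masks, the 198.51.100.0/24 stand-in for the SDN net and the rule lists are constructed assumptions, not the poster's configuration.

```python
import ipaddress

def _net(cidr):
    return ipaddress.ip_network(cidr)

def acl_mismatches(side_a, side_b):
    """Compare two crypto ACLs given as (source, destination) CIDR pairs.
    Returns (entries in A with no mirror in B, entries in B with no mirror in A)."""
    a = {(_net(s), _net(d)) for s, d in side_a}
    b = {(_net(s), _net(d)) for s, d in side_b}
    only_a = sorted((str(s), str(d)) for s, d in a if (d, s) not in b)
    only_b = sorted((str(s), str(d)) for s, d in b if (d, s) not in a)
    return only_a, only_b

def untranslated(sources, nat_rule_sources):
    """Return the source networks that no outbound NAT rule fully covers."""
    rules = [_net(r) for r in nat_rule_sources]
    missing = []
    for src in sources:
        net = _net(src)
        # subnet_of() raises on mixed IPv4/IPv6, so compare versions first
        if not any(net.version == r.version and net.subnet_of(r) for r in rules):
            missing.append(str(net))
    return missing

# Constructed sample data (assumptions, see lead-in)
LAN1, DMZ1, LAN2 = "10.0.0.0/27", "192.168.3.0/24", "192.168.2.0/24"
SDN = "198.51.100.0/24"                       # placeholder for the SDN net
CISCO_ACL = [(DMZ1, LAN1)]                    # permit ip DMZ1 -> LAN1
VIGOR_ACL = [(LAN1, DMZ1), (LAN1, SDN)]       # second entry has no mirror
NAT_RULE_SOURCES = [DMZ1, LAN2]               # LAN1 was never added

if __name__ == "__main__":
    only_cisco, only_vigor = acl_mismatches(CISCO_ACL, VIGOR_ACL)
    for src, dst in only_cisco:
        print(f"Cisco entry {src} -> {dst} has no mirror on the Vigor")
    for src, dst in only_vigor:
        print(f"Vigor entry {src} -> {dst} has no mirror on the Cisco")
    for net in untranslated([LAN1, DMZ1, LAN2], NAT_RULE_SOURCES):
        print(f"{net} is not matched by any outbound NAT rule")
```

With this sample data the script reports the unmirrored LAN1-to-SDN entry and flags LAN1 as the only network without a NAT rule, which matches the symptom of DMZ and LAN2 reaching the SDN net while LAN1 does not.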