topic And test server 1 cannot ping in Network Security

Firewall VLAN issue

ohareka70 — Tue, 12 Mar 2019 06:48:14 GMT

Hello,

I have a server vlan 10.4.x.x with over 200 servers but i wanted one application in its own vlan. So i created vlan 10.17.x.x

The servers are now seperated by a firewall

i moved a first test server across and put in the firewall rules on the cisco asa

# NO problems at all - the 10.4.x.x. server can ping the 10.17.x.x server

so i moved a second test server and put it into the same rule but the 10.4.x.x servers cant see it

The firewall can ping test server 1 but not the second test server

the bit i have no control over is:

server team looks after the servers on both 10.4.x.x. and 10.17.x.x networks - i just provide the network and firewall infrastructure

they say that test server 2 is pinging ok on the box

test server 1 cant see test server 2 even though they are on the same subnet

- only thing i can think of is that test server 1 and test server 2 might be sitting on different chassis but still both on the same 10.4.x.x network

any ideas are welcome

regards,

Kevin

Jon Marshall — Wed, 28 Oct 2015 20:03:13 GMT

Kevin

What do the server team mean when they say test server 2 is pinging ok on the box.

If you cannot ping between the test servers then rather than concentrate on the firewall can you -

1) verify the servers are both allocated into your new vlan

2) verify they are in the same IP subnet with the same subnet mask.

Also check the default gateways although this should not stop ping between the servers.

Jon

Jon,

ohareka70 — Wed, 28 Oct 2015 20:20:12 GMT

Jon,

Both servers are virtual machines sitting in a Dell Chassis. The can login to test server 2 (and also test server 3) and they are up and can ping themselves ok. Test server 2 & 3 can ping each other because they are on the same chassis

test server 1 is working ok via the firewall to the corporate network but it cant see the two new servers even though all 3 are on the same subnet and have their own vlan on the firewall interface

thanks

Kevin

And test server 1 cannot ping

Jon Marshall — Wed, 28 Oct 2015 20:26:50 GMT

And test server 1 cannot ping 2 or 3 ?

If so it comes back to what I said before

If you cannot ping within the same vlan then is not usually a firewall problem because traffic only goes to the firewall for destination IPs in different subnets.

Assuming the IP address, subnet mask information is consistent it sounds like a vlan issue.

Jon

Got it sorted. One of the

ohareka70 — Thu, 29 Oct 2015 16:28:09 GMT

Got it sorted. One of the Corporate routers was missing the subnet for the new vlan which sits on the cisco firewall interface.

Its working fine now

thanks