12-06-2019 12:59 AM - edited 12-06-2019 01:02 AM
Hello,
I just joined a small company and I am familiarizing with the Ironport ESA appliance (C100V).
I can't figure out why can't our branch office (LAN2LAN) access to the ESA like we do in main office ?
I went through all our network settings (router, switches, acl, nat, routes ...) everything is fine : branch office can communicate with every hosts in the same LAN than the ESA except the esa himself.
Tried to create a new LAN on the main office router to see if it could ping the ESA and it could not (again, ACL etc. are fine)
So naturally I concluded it was a software setting that I can't seem to find neither on ESA web interface or through SSH commands... Is there some sort of firewall on the asyncos or any other rule ?
=> In Sys administration > network access > User Access: I have Allow Any Connection
=> I successfully ping branch office LAN from the ESA (with SSH)
Thank you
Solved! Go to Solution.
12-06-2019 02:38 AM
That sounds to me like you could have an issue with the routes defined on your ESA.
As part of ESA setup process normally a default route is created.
Please check your entries under Network / Routing / ipv4 default route.
You might need to add a second route for your LAN2LAN configuration.
Are both networks using the same virtual interface or different ones ?
12-06-2019 02:38 AM
That sounds to me like you could have an issue with the routes defined on your ESA.
As part of ESA setup process normally a default route is created.
Please check your entries under Network / Routing / ipv4 default route.
You might need to add a second route for your LAN2LAN configuration.
Are both networks using the same virtual interface or different ones ?
12-06-2019 03:00 AM
You are right ! the specific route was missing.
I've added it before but I forgot to press the "commit changes" button ...
Thank you so much!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: