ESA with 3 interfaces

INEM
Level 1

Hi guys,

 

I set up a simple lab with ESAv and SMAv. I have already configured the ESAv with the following configuration:

 

Screenshot from 2020-01-26 22-31-17.png

 

From VirtualBox I set up 3 virtual adapters on Vmnet1 (192.168.202.0/24), Vmnet2 (172.16.0.0/24) and Vmnet3 (172.16.1.0/24).

 

Example Vmnet2 configuration:

 Screenshot from 2020-01-26 22-35-35.png

 

 

Example of Vmnet1 configuration on the VM:

Screenshot from 2020-01-26 22-33-49.png

 

From the ESA (Data1) I can ping all the other hosts on that network; the same from Data2 and also from Management.

 

The problem is that I cannot ping from Data1 to Data2 and vice versa. I also tried telnet on ports 80, 443 and 25, but the traffic does not pass through the ESA from outside to inside. Is this the normal behaviour?

 

I know that the ESA is not a router, but is something escaping me here? I don't want to go further in the settings if I don't have the network working properly in VirtualBox.

 

Thanks in advance

Accepted Solutions

Correct, the ESA is not a router, so IT won't move packets between the subnets that IT didn't originate... e.g. if you have a workstation with an IP of 172.16.0.50 and a server at 172.16.1.50, they can't ping one another unless you put a ROUTER in... the ESA won't make that happen for you.

Multiple interfaces on an ESA are typically used so that one IP/listener is in the DMZ, one in your internal network, and one for management, each with its own set of security rules/ACLs, etc.
