
VLANs can't connect to DMZ server

lmace711
Level 1

I am unable to ping or access in any way a server on our DMZ from our VLANs. I can access or ping our web server from the same VLAN. Obviously the routes are there or we could not ping anything on the DMZ subnet. Any ideas would be greatly appreciated. I’m baffled.

Thanks

L. Mace

DMZ subnet 192.168.10.0/24

Server A 192.168.10.3 PINGS OK

Server B 192.168.10.2 NO PING response.

Attached is my original problem with configurations of 6513 switch and RSM.

4 Replies

denisluo
Level 1

Hi, Mace,

1> Could you draw a brief image of the network for us?

After I see the attachment, I still don't understand what the network structure is.

2> In the C65xx configuration, I found some confusing config, such as:

Why do you configure HSRP for "ip address 10.1.160.254(virtual)", and then afterwards statically configure "ip route 192.168.10.0 255.255.255.0 10.1.160.2"?

Hope you respond,

1. Attached is a jpg showing the firewall infrastructure. It is correct except the CAT 5500 is now a CAT 6513 and the 5500 is still being used. I am fairly new to this company and new to the high-end switches. Also, the 5500 is being used as hot standby (HSRP).

2. I added the static route, hoping it would fix the problem. I now know it is redundant and not needed.

Thanks

Hi, Mace,

Thanks for your kind response,

After seeing your network image, I advise that you'd better check these configurations as follows:

1> All PIX Firewall configuration:

to find how the IP packet is routed from the DMZ server to the internal VLAN; to find whether ICMP is configured correctly by the PIXes, especially the primary PIX and the standby PIX.

2> Default gateway config of these DMZ servers

On the other hand, from your network map, I found a little issue: why do the primary PIX and standby PIX connect to an Intel hub, and the hub to the core switches?

The hub would be a single point of failure in the network!!!

Please pay attention to this little issue.

Regards,

I finally added routes to the server back to the vlans and that worked.

Thanks for your time, it is appreciated.
