Routing issue

Lewis_Cipher · ‎03-04-2011

Have a routing issue, trying to setup FTP site in DMZ. The route will work outside via the gateway, but I can't get to the DMZ unless I change the the gateway to the inside FW IP address. So, I try and ping the FTP server and get no reply when Gateway is the Outside FW. When I change the IP of GW on the server to the inside FW address I can get a reply. I need to make a route here somewhere, just not sure where. Any ideas?

manish arora · ‎03-04-2011

Hi Lewis,

can you provide everyone here with a topology + ip addressing structure and explain a little more on what are you trying to do ? I would make everyone's life a little easier on understanding the issue and thereby helping you out.

Manish

Lewis_Cipher · ‎03-04-2011

The topology is front firewall, dmz, back firewall, isa, layer 3 internal. The DMZ IP is say 11.10.1.1 . Internal is 192. The outside FW is being used as the GW on the FTP. However, I can't ping or RDP to the server with that address internally. I can if I set the IP to the internal FW for the GW address. Make more sense now?

Antonio Knox · ‎03-04-2011

Assuming I get this right, your FTP server is in the DMZ, right? So, why not use the DMZ interface IP (11.10.1.1) as your gateway? I'm kinda cloudy with your topology description, though.

Lewis_Cipher · ‎03-04-2011

You want me to use the IP address as the Gateway address?

Antonio Knox · ‎03-04-2011

As I said, I'm not sure I understand your topology. Provide something like this (sample)

Internet --------> outside (x.x.x.x) ----------> DMZ (y.y.y.y) ------------> FTP server (z.z.z.z)

This will make your situation easier to visualize. Just a suggestion.

Lewis_Cipher · ‎03-04-2011

Your topology is correct. I think I may have answered my own question, two nics. With two nics the inside and outside will be able to be accessible. I am going to give that a shot.