10-18-2017 09:26 AM - edited 03-18-2019 01:32 PM
Hi Guys,
I have a VCS Expressway X8.10 with dual NIC static NAT configuration.
Currently the default gateway points to the gateway on the internal interface.
The Cisco config guide says to set static routes pointing to management devices to the gateway on the internal interface, and then set your default route to push all traffic out of your external/public interface.
However, when I do this, strangely I can still ping the device from my PC, but I am unable to browse to it. The traversal zone drops out and the system acts like it has no network connection, yet it still responds to ping.
The only way I can resolve it is to go onto the VMware console as root, re-add the route back in to be a default route back to the internal gateway, reboot the device and then pull out all the config from the GUI.
Has anyone else experienced this?
10-18-2017 09:29 AM
From the config guide:
With a deployment like Figure 8 Dual Network Interfaces Deployment, page 60, you would typically configure the private address of the external firewall (10.0.10.1 in the diagram) as the default gateway of the Expressway-E. Traffic that has no more specific route is sent out from either Expressway-E interface to 10.0.10.1.
■ If the internal firewall (B) is doing NAT for traffic from the internal network (subnet 10.0.30.0 in diagram) to LAN1 of the Expressway-E (for example traversal client traffic from Expressway-C), that traffic is recognized as being from the same subnet (10.0.20.0 in diagram) as it reaches LAN1 of the Expressway-E. The Expressway-E will therefore be able to reply to this traffic through its LAN1 interface.
■ If the internal firewall (B) is not doing NAT for traffic from the internal network (subnet 10.0.30.0 in diagram) to LAN1 of the Expressway-E (for example traversal client traffic from Expressway-C), that traffic still has the originating IP address (for example, 10.0.30.2 for traffic from Expressway-C in the diagram). You must create a static route towards that source from LAN1 on the Expressway-E, or the return traffic will go to the default gateway (10.0.10.1). You can do this on the web UI (System > Network interfaces > Static routes) or using xCommand RouteAdd at the CLI.
If the Expressway-E needs to communicate with other devices behind the internal firewall (e.g. for reaching network services such as NTP, DNS, LDAP/AD and syslog servers), you also need to add static routes from Expressway-E LAN1 to those devices/subnets.
In this particular example, we want to tell the Expressway-E that it can reach the 10.0.30.0/24 subnet behind the 10.0.20.1 firewall (router), which is reachable via the LAN1 interface. This is accomplished using the following xCommand RouteAdd syntax:
xCommand RouteAdd Address: 10.0.30.0 PrefixLength: 24 Gateway: 10.0.20.1 Interface: LAN1
When I mirror this config, the Expressway-E drops off the network, yet I can still ping it.
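The route selection described in the guide excerpt above, modelled as an added example (not code from the guide or from any poster). The Expressway-E host addresses 10.0.20.2 and 10.0.10.2 and the helper names are assumptions; it shows where return traffic to Expressway-C (10.0.30.2) goes with and without the static route, and rejects a static route whose gateway is not on the chosen interface's subnet.

```python
import ipaddress

# Subnets and gateways follow the config-guide excerpt; the Expressway-E
# host addresses (.2) are assumed for illustration.
INTERFACES = {
    "LAN1": ipaddress.ip_interface("10.0.20.2/24"),  # internal side
    "LAN2": ipaddress.ip_interface("10.0.10.2/24"),  # external side
}
DEFAULT_GW = ipaddress.ip_address("10.0.10.1")       # external firewall


def build_table(static_routes):
    """Return [(network, gateway_or_None, interface)]: connected, static, default."""
    table = [(i.network, None, name) for name, i in INTERFACES.items()]
    for prefix, gw, ifname in static_routes:
        gw = ipaddress.ip_address(gw)
        # A next hop must be on-link for the chosen interface,
        # otherwise the route can never be used.
        if gw not in INTERFACES[ifname].network:
            raise ValueError(f"gateway {gw} is not on {ifname}'s subnet")
        table.append((ipaddress.ip_network(prefix), gw, ifname))
    default_if = next(n for n, i in INTERFACES.items() if DEFAULT_GW in i.network)
    table.append((ipaddress.ip_network("0.0.0.0/0"), DEFAULT_GW, default_if))
    return table


def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(dst)
    net, gw, ifname = max((r for r in table if dst in r[0]),
                          key=lambda r: r[0].prefixlen)
    return ifname, "on-link" if gw is None else str(gw)


if __name__ == "__main__":
    without = build_table([])
    with_route = build_table([("10.0.30.0/24", "10.0.20.1", "LAN1")])
    # Constructed destinations: Expressway-C, a LAN1 neighbour, an Internet host.
    for dst in ("10.0.30.2", "10.0.20.50", "198.51.100.7"):
        print(dst, lookup(without, dst), "->", lookup(with_route, dst))
```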
10-20-2017 11:47 AM
Hi,
OK, let's say you have:
You must configure that the "External LAN interface" will point to LAN2.
While, in LAN2 you'll put the NAT address in the "IPv4 static NAT address".
Also, the IPv4 gateway should point to the default gateway of LAN2, not LAN1.
*** Do not restart the server yet, otherwise you'll lose connectivity to it.
After that, you need to go to System -> Network Interfaces -> Static Routes,
and add a static route towards your management network, while the gateway field will contain the IP address of the default gateway of LAN1 and select LAN1 also in the "Interface" drop-down box.
That's how you should play it ;)
05-06-2019 08:46 AM
Thank you!!!!!!!!!
10-18-2022 04:38 AM
Hi Slavik
I'm just wondering about the network interfaces of EXP-E.
My LAN 1 interface is the external interface.
LAN1 IP : 10.0.10.2 and gateway : 10.0.10.1 (external firewall)
LAN2 IP : 10.0.20.2 with no gateway (EXP-E take one gateway)
now LAN2 is at same VM-Switch of my UC (CUCM,IM&P and EXP-C)
UC network is : 10.0.30.0/24 with Gateway : 10.0.30.1 and LAN1 interface IP : 10.0.20.2/24
How can I make EXP-C and EXP-E see each other? Now I'm trying to ping with no reply.
I've tried to add a static rule, but the problem is LAN2 could not reach gateway 10.0.20.1.
Is there any solution for this matter, please?
Thank you
10-25-2022 12:09 AM
First: Why are you posting your question to a years-old post?
Second: If you can't even reach the gateway of your LAN2 network, have you checked all the settings in the VM / ESXi, VLAN, ...? This is a Layer 2 problem. How do you expect to reach a different IP subnet, if you're not even able to have successful Layer 2 connectivity to your default GW?
And yes, you need a static route to the UC network via LAN2, because your "default GW" in EXP-E is pointing to external.
This is basic Layer 2 and 3 knowledge and has nothing to do with Expressways in the first place.