I have a VCS Expressway X8.10 with dual NIC static NAT configuration.
Currently the default gateway points to the gateway on the internal interface.
The Cisco config guide says to set static routes pointing to management devices to the gateway on the internal interface, and then set your default route to push all traffic out of your external/public interface.
However, when I do this, strangely I can still ping the device from my PC, but I am unable to browse to it. The traversal zone drops out and the system acts like it has no network connection, yet it still responds to ping.
The only way I can resolve it is to go onto the VMware console as root, re-add the route back in to be a default route back to the internal gateway, reboot the device and then pull out all the config from the GUI.
Has anyone else experienced this?
From the config guide:
With a deployment like Figure 8 Dual Network Interfaces Deployment, page 60, you would typically configure the private address of the external firewall (10.0.10.1 in the diagram) as the default gateway of the Expressway-E. Traffic that has no more specific route is sent out from either Expressway-E interface to 10.0.10.1.

■ If the internal firewall (B) is doing NAT for traffic from the internal network (subnet 10.0.30.0 in diagram) to LAN1 of the Expressway-E (for example traversal client traffic from Expressway-C), that traffic is recognized as being from the same subnet (10.0.20.0 in diagram) as it reaches LAN1 of the Expressway-E. The Expressway-E will therefore be able to reply to this traffic through its LAN1 interface.

■ If the internal firewall (B) is not doing NAT for traffic from the internal network (subnet 10.0.30.0 in diagram) to LAN1 of the Expressway-E (for example traversal client traffic from Expressway-C), that traffic still has the originating IP address (for example, 10.0.30.2 for traffic from Expressway-C in the diagram). You must create a static route towards that source from LAN1 on the Expressway-E, or the return traffic will go to the default gateway (10.0.10.1). You can do this on the web UI (System > Network interfaces > Static routes) or using xCommand RouteAdd at the CLI.

If the Expressway-E needs to communicate with other devices behind the internal firewall (e.g. for reaching network services such as NTP, DNS, LDAP/AD and syslog servers), you also need to add static routes from Expressway-E LAN1 to those devices/subnets.

In this particular example, we want to tell the Expressway-E that it can reach the 10.0.30.0/24 subnet behind the 10.0.20.1 firewall (router), which is reachable via the LAN1 interface. This is accomplished using the following xCommand RouteAdd syntax:

xCommand RouteAdd Address: 10.0.30.0 PrefixLength: 24 Gateway: 10.0.20.1 Interface: LAN1

When I mirror this config, the Expressway-E drops off the network - yet I can still ping it.
OK, let's say you have:
You must configure the "External LAN interface" to point to LAN2.
Then, in LAN2, you'll put the NAT address in the "IPv4 static NAT address".
Also, the IPv4 gateway should point to the default gateway of LAN2, not LAN1.
*** Do not restart the server yet, otherwise you'll lose connectivity to it.
After that, you need to go to System -> Network Interfaces -> Static Routes,
and add a static route towards your management network; the gateway field will contain the IP address of the default gateway of LAN1, and you also select LAN1 in the "Interface" drop-down box.
That's how you should play it ;)
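
The route selection that the config guide excerpt and the reply above rely on, as an added example that is not part of the original thread or of Cisco's documentation. It models longest-prefix matching with the guide's addresses and lists internal hosts whose replies would leave by the external default gateway. The /24 masks on 10.0.10.0 and 10.0.20.0, the LAN2 subnet and the management subnet 10.0.40.0/24 are assumptions made for illustration.

```python
import ipaddress

# Constructed route table: (prefix, gateway or None if connected, interface).
# Addresses come from the config guide excerpt; the /24 masks on the two
# connected subnets and LAN2 sitting in 10.0.10.0/24 are assumptions.
CONNECTED = [
    ("10.0.20.0/24", None, "LAN1"),  # internal-facing interface
    ("10.0.10.0/24", None, "LAN2"),  # external-facing interface
]
DEFAULT = ("0.0.0.0/0", "10.0.10.1", "LAN2")       # default via external firewall
GUIDE_STATIC = ("10.0.30.0/24", "10.0.20.1", "LAN1")  # the guide's RouteAdd
# Hypothetical management subnet, not taken from the thread.
MGMT_STATIC = ("10.0.40.0/24", "10.0.20.1", "LAN1")


def lookup(routes, dest):
    """Longest-prefix match: return (gateway, interface) used to reach dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]


def misrouted(routes, internal_hosts, internal_iface="LAN1"):
    """Internal hosts whose return traffic would not leave via internal_iface."""
    return [h for h in internal_hosts if lookup(routes, h)[1] != internal_iface]


if __name__ == "__main__":
    # 10.0.30.2 is Expressway-C in the guide; 10.0.40.15 is a constructed admin PC.
    hosts = ["10.0.30.2", "10.0.40.15"]
    tables = {
        "default only": CONNECTED + [DEFAULT],
        "guide static route": CONNECTED + [DEFAULT, GUIDE_STATIC],
        "plus management route": CONNECTED + [DEFAULT, GUIDE_STATIC, MGMT_STATIC],
    }
    for name, table in tables.items():
        print(f"{name}: replies leaving by the wrong interface -> "
              f"{misrouted(table, hosts)}")
```

Running the same check against the real list of internal peers (Expressway-C, management hosts, NTP, DNS, LDAP/AD, syslog) before moving the default gateway to LAN2 shows which static routes are still missing.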