Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2627
Views
0
Helpful
4
Replies

Expressway-E FQDN which IP

Michael Schmidt
Level 1
Level 1

ā€Ž08-07-2017 01:09 PM - edited ā€Ž03-19-2019 12:42 PM

Hi,

we have a Expressway-E with two LAN interfaces:

LAN1 -> internal DMZ

LAN2 -> external DMZ with public NAT IP address

At the moment we configured LAN1 but we can`t get the traversal zone online although due to the firewall admin there is "any <-> any" allowed between inside network (Expressway-C) and internal DMZ (Expressway LAN1).

To which IP address the FQDN of the Expressway-E should go? LAN1 or LAN2 or Public IP?

BR

Michael

Labels:
0 Helpful
4 Replies 4

Dennis Mink
VIP Alumni
VIP Alumni

ā€Ž08-07-2017 03:37 PM

Your VCS-C traversal zone, points to LAN2  on your VCS-E (Lan2 is called LAN2 internal on your VCS-e).

Lan1 on your VCS-e has the private IP address on it that the public IP gets NAT-ed into.

PLease rate if useful

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Michael Schmidt
Level 1
Level 1
In response to Dennis Mink

ā€Ž08-07-2017 11:38 PM

Hi Dennis,

in our setup LAN1 is internal LAN (DMZ-internal with private IP) and LAN 2 is in DMZ-external also with a private DMZ-external IP address which is NAT-ed to an external / public IP.

BR

Michael

0 Helpful

Alok Jaiswal
Level 4
Level 4
In response to Michael Schmidt

ā€Ž08-09-2017 12:28 AM

Exp-C always points to Exp-E internal LAN FQDN in a DUAL NIC scenario.

Consider that your Exp-E has 

192.168.1.210 (Exp-C IP) using internal DNS server.

172.17.18.210 (DMZ Internal LAN 1) - FQDN (Expe01.abc.com)

172.18.18.210 (DMZ External LAN 2) Nate'ed to 203.x.x.x

Traversal zone on Core will be pointing to DMZ Internal LAN 1,  if you are using the TLS and certificate exchange is mandatory then point to FQDN which resolves to DMZ internal LAN 1.  In this case it will be "expe01.abc.com".

Regards,

Alok

0 Helpful

Slavik Bialik
Level 7
Level 7

ā€Ž08-08-2017 10:47 AM

In your Expressway-C traversal zone are you using IP address of the Expressway-E or the FQDN? You need to use the FQDN and also you must check that it can be resolved from the Expressway-C. And of course it should point to LAN1 address, which is the internal LAN interface.

But it can be nice if you can post a screenshot from the "System -> Network interfaces -> IP" page.

BTW, in the traversal zone page, it is stating that it's "Unreachable" or something else?

0 Helpful
Customers Also Viewed These Support Documents