Hello,
I have a strange problem that may be related to the Endian way of doing policy-based routing.
ICMP packets seem not to be routed properly.
Client - Cisco VPN box 1 - public network - Cisco VPN box 2 - Endian - server
RDP and other TCP/UDP-based services from the client work, ICMP
Are the Cisco VPN box 2, the Endian and the other machines on the same green LAN? Is your Cisco VPN box 2 connected directly to a network card of the Endian, or to a switch?
They are all on the green LAN, connected to the same switches. The client and Cisco VPN box 1 are on another LAN, only connected through a VPN link.
I know this is not how we recommend setting this up, but it was like this when we came there.
Thanks,
Marco
From: Jonathan Lessa
If everyone is on the same switch and the same LAN, the ping does not necessarily pass through the Endian; the switch itself is responsible for delivery.
But if your Endian were physically between Cisco VPN box 2 and the server, then yes, the Endian would be responsible for delivery.
This is correct, but if I run "tcpdump -i br0 host client-ip and icmp" on the Endian console, I can see ICMP packets coming through. But the Endian seems to drop them. I cannot confirm that they were dropped, but if I manually "route add" the route to the client, it works immediately.
Thanks in
What is the route that you add to make it work?
Endian has 192.168.1.230
Cisco VPN box 2 has 192.168.1.254
Client has 192.168.10.239
On the Endian (or the server): "route add -net 192.168.10.0/24 gw 192.168.1.254" -> works.
Best regards,
Marco
From: Jonathan Lessa [mailto:jonathanle...@gmail.com]
Sent: Friday, 2 August 2013 16:44
To:
I understood that all involved were on the same green LAN, but in this case they are not.
Apart from the routing, it would be interesting to create a rule in the firewall between zones, allowing ping between the 192.168.10.0/24 network and the green zone.
2013/8/2 Marco Gabriel - inett GmbH
There are two LANs, connected through two Cisco boxes. LAN1 contains the client and Cisco box 1; LAN2 contains the Endian, the server and Cisco box 2. There is no need to play with the zones, as everything for LAN1 should be routed through Cisco box 2. And that works for all services but ICMP.
Best
But the issue is not the zone itself: when you configure a redirect rule, the Endian already takes care of creating a firewall rule to release this communication. What I asked was to test, in the firewall, creating a rule allowing ICMP between these networks.
2013/8/2 Marco
Understood. I already tried to create a specific rule for ICMP traffic within the firewall (precisely in policy-based routing). It offered me ICMP 8 and ICMP 30 to allow, but that didn't work either.
The only thing that has worked so far is adding a route.
Marco
From: Jonathan Lessa
But you need to add the route to have communication with another network. What is the problem?
If your network gateway is the Endian, then it is the Endian that should hold the routes to the other networks.
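To make the routing argument in this thread concrete, here is an added example (not code from the thread or from Endian) that runs a longest-prefix-match lookup over the addresses the thread gives. Before the static route exists, a reply to 192.168.10.239 can only match a default route, so it leaves toward the Endian's uplink gateway rather than back through Cisco VPN box 2 at 192.168.1.254; after "route add -net 192.168.10.0/24 gw 192.168.1.254" the more specific prefix wins. The default gateway address 192.168.1.1 and the table contents are constructed assumptions: the thread never lists the Endian's routing table or its uplink.

```python
"""Longest-prefix routing lookup illustrating the thread's static-route fix.

The tables below are constructed from the addresses quoted in the thread
(Endian 192.168.1.230, Cisco VPN box 2 192.168.1.254, client
192.168.10.239). The default gateway 192.168.1.1 is an assumption.
"""
import ipaddress


def lookup(table, dst):
    """Return (prefix, gateway) for the most specific entry covering dst.

    gateway is None for a directly connected network. Returns None when no
    entry, not even a default route, matches (the kernel would then answer
    "Network is unreachable").
    """
    dst_ip = ipaddress.ip_address(dst)
    best_net, best_gw = None, None
    for prefix, gw in table:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_gw = net, gw
    return None if best_net is None else (str(best_net), best_gw)


def reply_next_hop(table, src):
    """Next hop the Endian would use for an ICMP echo reply back to src."""
    match = lookup(table, src)
    if match is None:
        return None
    prefix, gw = match
    # On a directly connected prefix the reply goes straight to the host.
    return src if gw is None else gw


def is_asymmetric(table, src, arrival_gw):
    """True when a request that arrived via arrival_gw would be answered
    through a different next hop, i.e. the return path does not retrace
    the forward path."""
    return reply_next_hop(table, src) != arrival_gw


# Constructed table: the Endian's green network plus an assumed default route.
BEFORE = [
    ("192.168.1.0/24", None),        # directly connected green LAN (br0)
    ("0.0.0.0/0", "192.168.1.1"),    # assumed uplink gateway, not from the thread
]

# The same table after: route add -net 192.168.10.0/24 gw 192.168.1.254
AFTER = BEFORE + [("192.168.10.0/24", "192.168.1.254")]

CLIENT = "192.168.10.239"      # from the thread
CISCO_BOX_2 = "192.168.1.254"  # from the thread


if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, "match:", lookup(table, CLIENT),
              "reply via:", reply_next_hop(table, CLIENT),
              "asymmetric:", is_asymmetric(table, CLIENT, CISCO_BOX_2))
```

The same lookup applies to any box on LAN2 that must answer the client, which is why Marco reports the route working on the server as well as on the Endian. Whether a mismatched return path is actually what the Endian's policy-based routing does with the echo replies is not established by the thread; the example only shows what a plain longest-prefix lookup would do with and without the route.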