I have a GB-100 device and I'm having a problem. For our company we have two subnets
and I would like to bind
them both to the external interface. Here is my current network scheme, substituting
my real IP addresses with
false ones:
200.171.99.0 /28 (200.171.99. 1 through 14 with a 255.255.255.240 subnet mask)
210.146.60.0 /24 (210.146.60. 1 through 254 with a 255.255.255.0 subnet mask)
I have bound both of these subnets to my external interface and it works fine for an
hour or two, but then the
204.171.99.0 subnet just stops responding. A while after that, the 210.146.60.0 subnet
stops responding. By
"stops responding" I mean that all of the inbound tunnels quit working. I can still
get out fine from the
protected network to the outside world. I am not using the PSN, and I am using
10.0.60.x and 10.0.99.x with a
/16 bit (255.255.0.0) subnet mask for the Protected network. Here is how things are
supposed to work as far as
my tunnels go:
200.171.99.2: 80 -> 10.0.99.2: 80
200.171.99.2: 25 -> 10.0.99.2: 25
200.171.99.3: 80 -> 10.0.99.3: 80
200.171.99.4: 80 -> 10.0.99.4: 80
200.171.99.6: 80 -> 10.0.99.6: 80
200.171.99.7: 80 -> 10.0.99.7: 80
200.171.99.10: 80 -> 10.0.99.10: 80
200.171.99.11: 80 -> 10.0.99.11: 80
200.171.99.12: 80 -> 10.0.99.12: 80
200.171.99.13: 80 -> 10.0.99.13: 80
210.146.60.10: 80 -> 10.0.60.10: 80
210.146.60.10: 25 -> 10.0.60.10: 25
210.146.60.206: 80 -> 10.0.60.206: 80
210.146.60.235: 80 -> 10.0.60.235: 80
I have a few other tunnels, and they are similar but for FTP and DNS services. Our
router is a Cisco 1720, and
it has 200.171.9.1 /28 and 210.146.60.1 /24 aliased to it. I do not have access to the
router, so I am not sure
if it has anything on any other subnets aliased to it. I have the GB-100 using
210.146.60.1 as its default
gateway. What I do not understand is why it just stops working after a while. I have a
GB-100 working fine on
another network, but it only has one subnet bound to the external interface. It
appears that this problem only
happens with multiple subnets bound to the external interface, because I have remedied
the problem by removing
all 200.171.99.0 /28 aliases from the GB-100 and put one of our web servers back
outside the firewall until this
gets fixed. I have a friend that has this exact same problem, so I know I am not alone
with this, and he hasn't
found a solution yet either. This has made me look very bad for our customers, as they
know that they have had
some downtime recently. If someone can provide me with an answer as to why this is
happening, I would appreciate
it. Thank you in advance for your help.
///Jason
--
#!/usr/bin/perl
@a=(Lbzjoftt,Inqbujfodf,Hvcsjt); $b="Lbssz Wbmm"
;$b =~ y/b-z/a-z/ ; $c =" Tif ". @a ." hsfbu wj"
."suvft pg b qsphsbnnfs". ":\n";$c =~y/b-y/a-z/;
print"\n\n$c ";for($i=0;$i<@a; $i++) { $a[$i] =~
y/b-y/a-z/;if($a[$i]eq$a[-1]){print"and $a[$i]."
;}else{ print"$a[$i], ";}}print"\n\t\t--$b\n\n";
