To elaborate, I have 13
locations, each one of them have a sonicwall connected to the internet and a
private IP address and a Nortel contivity at each location connected to
the internet and a private IP address. I have a route table in the
sonicwalls that redirects LAN traffic out the Nortel boxes based on IP
addresses. >From the LAN, everything works fine.
But:
When I put the Nortel in the
DMZ and setup a rule to allow all traffic (every port number) I could ping the
sites but SAP would not go through. I could get to the login screen at
the remote site but from there nothing. That is why I think it is the
encryption.
[Arnold, Paul] What do your logs say? Does
the SonicWALL connect directly to the internet? or is there a border
router?
Why are you putting it in the DMZ rather than
NATing it? Is there a reason? I ask because the VPN traffic is typically
terminated at the LAN and if you are routing LAN1--->remote
LAN2--->remote DMZ2, then there might be a problem. Is there a reason
anyone other than people on the LAN are accessing this Nortel box? If so, you
might still be able to accomplish the task using NAT rather than the
DMZ.
Also, I have the sonicwall
VPN client that I use to connect to the firewalls from the internet. If
I try and go to the IP addresses set up in the route table on each of the
sonicwall it goes nowhere. I can not even ping the IPs. I am
not sure what else I should try.
[Arnold, Paul] Be sure you have the
checkbox "Forward Packets to Remote VPNs" enabled on each VPN connection
on each box. That should at least straighten out the ping
issue.
Could you elaborate a
bit?
You have 2 SonicWALLs and 2
Nortel boxes? 2 sites? or is it the VPN software client?
I have a weird case that
I have to come up with an answer for. We are using Sonicwalls at all
of our locations for security. We also have Nortel contivity boxes
for the transfer of financial information via SAP. The problem is
two fold.
1. The Nortel box is not
behind the firewall because I have not been able to get the encrypted
traffic to pass through the sonicwall. We set up rules on the
contivity boxes to only accept traffic from set IP addresses. This
helps a little but it is not foolproof.
2. The sonicwall
VPN client is not allowing the accountants to connect to SAP away from the
lab. My problem is that the sonicwall is not routing the
traffic to the Nortel box or the Nortel box is not understanding the
NATed address on the LAN side. I am looking for any help as to what
direction I should go.
Lance
L
LEGAL NOTICE:
Unless expressly stated otherwise, this message is
confidential and may be privileged. It is intended for the addressee(s)
only. Access to this e-mail by anyone else is unauthorized. If you are not
an addressee, any disclosure or copying of the contents or any action taken
(or not taken) in reliance on it is unauthorized and may be unlawful. If you
are not an addressee, please inform the sender immediately.
