srumelhart
New Contributor

Routing through DMZ


I have a NV3448 that has the following relevant configuration:

interface switchport 0/2
  description Office
  speed 100
  no shutdown
  switchport access vlan 2001
!
interface vlan 1
  ip address 10.170.30.1 255.255.255.0
  access-policy Private
  no shutdown
interface vlan 2001
  description Uplink to Scada network
  ip address 10.127.0.4 255.255.255.0
  no shutdown
!
!
ip route 172.16.1.0 255.255.255.0 10.127.0.1

10.127.0.1 is an endpoint on a Cisco router through which I am trying to route traffic from the 10.170.30.0/24 network to the 172.16.1.0/24 network. On a computer on the inside LAN (e.g. 10.170.30.10) I can ping the Cisco external endpoint 10.127.0.1, but not 172.16.1.1.

On the NV3448, I can ping 172.16.1.1, but it fails if I ping 172.16.1.1 source 10.170.30.10.

What am I missing to get this to work for the local subnet?

0 Kudos

Accepted Solutions
Anonymous
Not applicable

Re: Routing through DMZ


This sounds like a routing problem. It sounds like the Cisco does not have a return route for the 10.170.30.0/24 network.

Another observation - If you are running the firewall, then all of your IP interfaces need an access policy of some kind. How you want to build your security zones would affect how you build those policies. VLAN 2001 should have a security/access policy on it, even if it is just an allow any. With the firewall on and no policy on the interface, it may not pass return traffic back through to the 10.170.30.1 interface from the 10.127.0.1 host.


0 Kudos
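
The return-route condition the accepted reply describes, as an added example that is not part of the original thread: it builds each router's table from `ip address` and `ip route` lines and checks both the request path and the reply path. The Cisco configuration is constructed, assuming it knows only its connected networks, and its interface names are hypothetical.

```python
import ipaddress

# Routing-relevant lines from the NV3448 configuration posted in the question.
NV3448_CFG = """
interface vlan 1
  ip address 10.170.30.1 255.255.255.0
interface vlan 2001
  ip address 10.127.0.4 255.255.255.0
ip route 172.16.1.0 255.255.255.0 10.127.0.1
"""
# Constructed Cisco side (assumption: connected networks only, no static
# routes; the interface names are hypothetical).
CISCO_CFG = """
interface GigabitEthernet0/0
  ip address 10.127.0.1 255.255.255.0
interface GigabitEthernet0/1
  ip address 172.16.1.1 255.255.255.0
"""

def routes(cfg):
    """Build [(network, next_hop)] from 'ip address' and 'ip route' lines."""
    table = []
    for line in cfg.splitlines():
        w = line.split()
        if len(w) >= 4 and w[0] == "ip" and w[1] in ("address", "route"):
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
            hop = w[4] if w[1] == "route" and len(w) > 4 else "connected"
            table.append((net, hop))
    return table

def lookup(cfg, ip):
    """Longest-prefix match; returns the next hop, or None if no route."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, hop) for net, hop in routes(cfg) if addr in net]
    return max(hits)[1] if hits else None

def ping(src, dst, near_cfg=NV3448_CFG, far_cfg=CISCO_CFG):
    """Check the echo request (near -> dst) and the echo reply (far -> src)."""
    if lookup(near_cfg, dst) is None:
        return f"request dropped: near router has no route to {dst}"
    if lookup(far_cfg, src) is None:
        return f"reply dropped: far router has no route back to {src}"
    return "ok"

if __name__ == "__main__":
    fixed = CISCO_CFG + "ip route 10.170.30.0 255.255.255.0 10.127.0.4\n"
    print(ping("10.127.0.4", "172.16.1.1"))      # NV3448's own VLAN 2001 address
    print(ping("10.170.30.10", "172.16.1.1"))    # inside LAN host
    print(ping("10.170.30.10", "172.16.1.1", far_cfg=fixed))
```

The model covers routing only; the firewall access-policy point in the reply is a separate check on the NV3448 itself.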