[ATP] allowing traffic to the edge router LAN
Dear all,
Context: Our network look about like this:
The edge router WAN port is connected to the atp500 P2 interface (external interface type).
On the ATP500 firewall we have configured 3 different LAN on P5, P6, P7 ports. These interfaces was configured as Internal (Interface Type), and DHCP and everything is managed by the firewall.
On the edge router there is the LAN4, but it seems to not be reachable from the internal network(LAN1, LAN2, LAN3), I'm testing from LAN1 that has all open on policy route settings.
I tried to add an additional ethernet connection from P8 to LAN port on the edge router, I configured the interface P8 as external (interface type) , and configured IP Address Assignment using the same network parameters that are used on the edge router.
But this does not seems to be all right, from LAN1 i cannot reach anything on LAN4:
ping 192.168.146.1
Pinging 192.168.146.1 with 32 bytes of data:
Request timed out.
Request timed out.
Reply from 192.168.146.0: Destination host unreachable.
Reply from 192.168.146.0: Destination host unreachable.
Ping statistics for 192.168.146.1:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
Maybe someone can catch something wrong in my setup, or suggest some troubleshooting operation?
Thank you
All Replies
-
I thought you don't need a policy route.
Just let firewall do the SNAT.
For example:
192.168.1.0 (LAN1) → 192.168.146.0 (LAN4)
→ 2.2.2.2 (ATP500 P2 IP) → 192.168.146.0
I believe edge router have associated route table. And it can give a correct way.
0 -
maybe you need a static route on Edge router for LAN1 subnet to gateway of atp500
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 146 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight