No inter-VLAN comms? A classic example of KISS

January 22, 2011

So, here’s the problem (exhibit below):

  • You have 2 VLANs terminated on a firewall with discrete subnets (VLAN100 & VLAN200).
  • Both VLANs are configured identically.
  • VLAN100 has subnet 192.168.192.192/28.
  • VLAN200 has subnet 192.168.192.208/28.
  • The VLANs lead to two separate virtual servers on the same physical host (vServer1 & vServer2).
  • VLAN100 has full IP connectivity to other VLANs and to the Internet.
  • The virtual server on VLAN200 can PING the default gateway on the Firewall.
  • The firewall can PING the virtual server on VLAN200.
  • The virtual server on VLAN200 can’t reach any other IP-connected host or interface, including the virtual server on the same physical host.

What’s the solution?

[Exhibit: VLAN Configuration]

Drum roll please…

The default gateway on vServer2 had been set to the subnet’s network address, 192.168.192.208, instead of the actual next hop, 192.168.192.209.

Moral of the story: Always verify the obvious, in spite of assurances from Windows admins, and Keep It Simple, Stupid!

Can’t believe I wasted 30 minutes trawling through configs for this! Grumble, grumble…
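An added example, not part of the original post: a small Python check that flags this class of gateway mistake and shows why the ping to the firewall still worked, since on-link traffic never consults the default gateway. The subnets and the .208/.209 gateway values come from the post; the host addresses, the VLAN100 gateway and the external test address are assumptions.

```python
import ipaddress

def check_gateway(host_cidr, gateway):
    """Return a list of problems with a host's default gateway (empty list = OK)."""
    iface = ipaddress.ip_interface(host_cidr)
    net, gw = iface.network, ipaddress.ip_address(gateway)
    problems = []
    if gw not in net:
        problems.append(f"{gw} is outside {net}")
    elif net.prefixlen < 31:  # /31 and /32 have no reserved network/broadcast address
        if gw == net.network_address:
            problems.append(f"{gw} is the network address of {net}")
        elif gw == net.broadcast_address:
            problems.append(f"{gw} is the broadcast address of {net}")
    if gw == iface.ip:
        problems.append(f"{gw} is the host's own address")
    return problems

def needs_gateway(host_cidr, destination):
    """True if traffic to destination is off-link and so depends on the default gateway."""
    return ipaddress.ip_address(destination) not in ipaddress.ip_interface(host_cidr).network

# Constructed inventory: subnets and the .208/.209 gateways are from the post;
# the host addresses and the VLAN100 gateway are assumptions.
HOSTS = {
    "vServer1": ("192.168.192.194/28", "192.168.192.193"),
    "vServer2 (as found)": ("192.168.192.210/28", "192.168.192.208"),
    "vServer2 (fixed)": ("192.168.192.210/28", "192.168.192.209"),
}

def audit(hosts):
    """Map each host name to its list of gateway problems."""
    return {name: check_gateway(cidr, gw) for name, (cidr, gw) in hosts.items()}

if __name__ == "__main__":
    for name, problems in audit(HOSTS).items():
        print(f"{name}: {'; '.join(problems) or 'OK'}")
    # Why the ping to the firewall worked while everything else failed:
    # 203.0.113.10 is a documentation address standing in for an Internet host.
    for dest in ("192.168.192.209", "192.168.192.194", "203.0.113.10"):
        via = "default gateway" if needs_gateway("192.168.192.210/28", dest) else "on-link"
        print(f"vServer2 -> {dest}: {via}")
```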