
[FW1] Packet lost somewhere, Pls help.



 

Hi Gurus,
 
I'm implementing 2 ISPs and 1 DMZ. (I can't use BGP)
My structure is like this.
 
 
ISP1-------FW-A---------|DMZ
ISP2-------FW-B---------|DMZ
 
ISP1: details
 
216.x.x.1 Router
216.x.x.18 FW-A external interface
10.10.10.1 FW-A DMZ interface
 
ISP2: details
 
143.x.x.1 Router
143.x.x.18 FW-B external interface
10.10.10.101 FW-B DMZ interface
 
 
DMZ details:
10.10.10.2   Web server
10.10.10.3    Application server
10.10.10.4   Application server
 
Both IPs of the application servers are on the same machine (dual homed); this server has two interface cards with different IPs.
 
The DMZ interfaces of both FWs are connected to one switch.
Both WAN connections are terminated on one router.
Doing NAT on the FWs.
Both FWs are pointing to the same systems in the DMZ.
 
The NAT tables look like this:
216.x.x.20 ------ 10.10.10.2
216.x.x.21 ------ 10.10.10.3
 
143.x.x.20 ------ 10.10.10.2
143.x.x.21 ------ 10.10.10.4
 
Default route on the application server:
default from 10.10.10.1 through FW-A
 
 
My problem is like this:
 
 
When I try to reach 216.x.x.21 from the network it is reached, BUT if I try to reach 143.x.x.21 then it isn't.
I presume that the request enters at 143.x.x.21 from FW-B (10.10.10.4 interface) and the reply comes from the DEFAULT route (which is FW-A, 10.10.10.3 interface), and that entry is not in FW-A, so the packet is lost here.
 
If I try to reach any interface from any FW then it shows me everything is OK because they are in a closed loop.
 
How can I solve this problem?
 
Is there any way I can instruct the system that if a request comes in on interface1 then the reply should go back out the same one, instead of picking up the default route and the primary interface gateway address?
 
 
Thanks.
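
A small model of the asymmetric path described in the post, added here as an illustration and not part of the original message. It assumes both firewalls are stateful and drop any reply that has no matching connection entry; `CLIENT`, the class and the function names are hypothetical.

```python
# Constructed model of the topology in the post. Addresses are the post's own
# masked values; CLIENT is a made-up documentation address.
CLIENT = "198.51.100.7"

class Firewall:
    """Stateful NAT firewall: a reply passes only if this box saw the request."""
    def __init__(self, name, nat):
        self.name, self.nat, self.state = name, nat, set()

    def inbound(self, client, public_ip):
        internal = self.nat[public_ip]           # static destination NAT
        self.state.add((client, internal))       # connection-table entry
        return internal

    def outbound(self, internal, client):
        if (client, internal) not in self.state:
            return None                          # no matching connection: dropped
        reverse = {v: k for k, v in self.nat.items()}
        return reverse[internal]                 # source address the client sees

def build():
    fw_a = Firewall("FW-A", {"216.x.x.20": "10.10.10.2", "216.x.x.21": "10.10.10.3"})
    fw_b = Firewall("FW-B", {"143.x.x.20": "10.10.10.2", "143.x.x.21": "10.10.10.4"})
    return fw_a, fw_b

def default_route(src, fw_a, fw_b):
    return fw_a                                  # single default via 10.10.10.1

def source_route(src, fw_a, fw_b):
    # Hypothetical per-source rule: leave via the firewall that NATs to src.
    return fw_b if src == "10.10.10.4" else fw_a

def round_trip(public_ip, pick_gateway):
    """Return (entry firewall, exit firewall, reply source seen by client)."""
    fw_a, fw_b = build()
    entry = fw_a if public_ip in fw_a.nat else fw_b
    server_ip = entry.inbound(CLIENT, public_ip)
    exit_fw = pick_gateway(server_ip, fw_a, fw_b)
    return entry.name, exit_fw.name, exit_fw.outbound(server_ip, CLIENT)

if __name__ == "__main__":
    for route in (default_route, source_route):
        for ip in ("216.x.x.21", "143.x.x.21"):
            print(route.__name__, ip, round_trip(ip, route))
```

In this model the per-source rule only helps the dual-homed application server: 10.10.10.2 has one address behind both firewalls, so a choice keyed on source address cannot tell which firewall a request came in through.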
 


 
   All contents © 2004 Network Presence, LLC. All rights reserved.