Hi all,
            Internet router
                  |
                  |
     -------- Firewall ------ DMZ
     |            |
     |            |
     |            |
 172.18.x.x   172.17.x.x ------- 172.30.1.x
All networks have a direct connection to the firewall, except for the
172.30.1.x network, which is offsite and connected via two Cisco 2500
series routers. The 172.30.1.x network can ping all firewall interfaces,
the DMZ, and the 172.18.x.x network without a problem. When it tries to
ping the 172.17.x.x network, the requests time out. I'm assuming that this
is happening because the request goes directly to the PC or server in
question, but the reply has to go back through the firewall, which is the
default gateway for the 172.17.x.x network, and the firewall does not like
to get requests when it doesn't see the reply in the first place and drops
it. Users have no problems connecting for files and such, just pinging,
which we use for troubleshooting connectivity. As a work-around I've
created a static route on a server in the 172.17.x.x network that will
respond directly to the 172.30.1.x network for troubleshooting. Is there
another way around this via making a change to the firewall? Oh, we are
running 4.1 SP2 on an NT4 SP6 box.
Thanks for any help,