
Traffic between two interfaces (LAN to LAN) only works one way.

Hello everyone,

I am trying to connect two LANs that I set up on two separate interfaces (Port 1 and Port 5).

[image: test network]

I also created a new zone for the LAN on port 5 called TEST_LAN.

Here are my rules. 

RULE 1: LAN to TEST LAN

Source Zone: LAN

Source networks and devices: 10.0.0.1/21

Destination Zone: TEST_LAN

Destination networks: 172.16.0.1/24

RULE 2: TEST LAN to LAN

Source Zone: TEST_LAN

Source networks and devices: 172.16.0.1/24

Destination Zone: LAN

Destination networks: 10.0.0.1/21

The problem is that I can communicate from the TEST LAN on port 5 to the LAN on port 1. I can ping, access shared resources, web servers, etc.

However, I cannot access anything going from the LAN to TEST LAN. 

I wanted to confirm if this setup is possible. Just to clarify, I have checked out the other similar posts like this one and could not find a solution. Maybe I am overlooking something simple. I created an SNAT rule for my LAN to TEST LAN connection and that still did not work. I am not sure why this isn't working in both directions.

Thanks in advance!



  • Have you done any investigation of logs to see why things might be getting dropped or where they're going? Did you make a mistake going from CIDR "/21" notation to net mask notation? Does your test machine on LAN have a proper concept of its network and its gateway?

    (You shouldn't have to fill in both zone and network, in general. Zones are more flexible, so I use "Any" as the network and just specify the zone.)

    Are there intermediate routers/switches and are they set up appropriately (including things like VLANs)? 

    Sorry I don't have a firm answer, just more questions.
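    Wayne's CIDR-to-netmask question can be checked offline. The following is an added example, not code from the thread or from Sophos: a small Python model of the two rules that evaluates constructed sample flows once with the networks as typed (10.0.0.1/21 normalised to 10.0.0.0/21) and once with the /21 mistakenly entered as the dotted mask 255.255.255.0, showing which LAN hosts then fall outside the rule. Zone names, rule fields and host addresses are assumptions for illustration.

```python
import ipaddress

# Constructed rule set mirroring the two rules in the post; the network
# objects are assumed to have been typed exactly as shown there.
RULES = [
    {"name": "LAN to TEST LAN", "src_zone": "LAN", "src_net": "10.0.0.1/21",
     "dst_zone": "TEST_LAN", "dst_net": "172.16.0.1/24"},
    {"name": "TEST LAN to LAN", "src_zone": "TEST_LAN", "src_net": "172.16.0.1/24",
     "dst_zone": "LAN", "dst_net": "10.0.0.1/21"},
]


def as_network(text):
    """Normalise a host/prefix string such as 10.0.0.1/21 to its network
    (10.0.0.0/21). strict=False mimics a firewall accepting a host address."""
    return ipaddress.ip_network(text, strict=False)


def netmask_to_prefix(mask):
    """Convert a dotted netmask (255.255.248.0) to its prefix length (21)."""
    return ipaddress.ip_network(f"0.0.0.0/{mask}").prefixlen


def first_match(rules, src_zone, src_ip, dst_zone, dst_ip):
    """Return the name of the first rule matching the flow, or None (dropped)."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (r["src_zone"] == src_zone and r["dst_zone"] == dst_zone
                and s in as_network(r["src_net"]) and d in as_network(r["dst_net"])):
            return r["name"]
    return None


def with_mask(rules, wrong_mask):
    """Copy of the rule set in which every /21 was entered with a different dotted mask."""
    prefix = netmask_to_prefix(wrong_mask)
    out = []
    for r in rules:
        r = dict(r)
        for k in ("src_net", "dst_net"):
            r[k] = r[k].replace("/21", f"/{prefix}")
        out.append(r)
    return out


if __name__ == "__main__":
    # Constructed flows: a 10.0.0.x host, a host higher in the /21, and the reverse direction.
    flows = [("LAN", "10.0.0.20", "TEST_LAN", "172.16.0.50"),
             ("LAN", "10.0.5.20", "TEST_LAN", "172.16.0.50"),
             ("TEST_LAN", "172.16.0.50", "LAN", "10.0.0.20")]
    for label, rs in (("as typed (/21)", RULES), ("mask 255.255.255.0", with_mask(RULES, "255.255.255.0"))):
        for f in flows:
            print(f"{label:20} {f} -> {first_match(rs, *f)}")
```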

    • Hi.

      The rule could be very simple, as suggested by Wayne:

      Source LAN, network Any; destination LAN, network Any; all services; log (for the moment). You do not need a NAT between internal networks, and as also suggested, the /21 is a bit large.

      Ian

      XGS118 - v21.0.1 MR1

      XG115 converted to software licence v21.0.1 MR-1

      If a post solves your question please use the 'Verify Answer' button.

      • Thank you so much! I changed the network to 'Any' and left the Zones as is and that seemed to fix it.