
Additional addresses on one uplink interface, not accessible to other uplink interface

Here's my setup

I have 2 ISPs. Our main is fiber attached to a Catalyst switch, connected to a UTM interface. On that interface are numerous additional addresses used by our organization for all our domain addresses. The second ISP is Comcast Business cable. One of the LAN ports is connected to a UTM interface and is used for multi-path. This works with no problems.

I also use UTM wireless networking. My guest network is bridged to a VLAN where there is only one assigned port. That port has a direct connection to the Comcast router via a LAN port. That way, the guest network doesn't go out the UTM, or connect to our internal networks in any way. It gets its IP info from the Comcast DHCP server and goes directly out to the internet that way.

This configuration has been working flawlessly until... Comcast upgraded our service and replaced the cable modem. Now everything works except those going out Comcast cannot reach the additional addresses on the main ISP external interface. Multi-path works. The guest network works as it gets an IP from the cable modem, and has very fast internet.

However, we noticed that employees connected to mobile devices over the guest network cannot connect to our Exchange servers. Turns out that all of our domain addresses, which are on the main external, are inaccessible to traffic going out of Comcast via any of the LAN ports. I have even disconnected everything from UTM, reset the cable modem, and connected a laptop to a LAN port. I still can't reach these addresses on our UTM. I have confirmed with the help of our main ISP support that they get all of the way through the fiber and to the Catalyst switch (which belongs to our ISP and I can't access).

It seems to me that the UTM is rejecting or blocking the traffic and I don't know why, or how to gain greater visibility into what's really going on. Any insight into what may have happened when a new modem was installed, what I can check, or how to resolve would be greatly appreciated!

  • Hi Bill and welcome to the UTM Community!

    My WAG is that Comcast replaced some routers and that they need to correct their routing.  I bet a tcpdump on the interface connected to the Catalyst will show no traffic arriving from the wireless guest network.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • I have dug a little more and found the following.

    My ISP set up a mirror port on their switch and I have sniffed the traffic between their Cisco switch and our UTM. The addresses make it to the Cisco no problem, but Wireshark shows only source traffic from port to UTM. No replies. Only retransmissions. The destination MAC to our UTM interface is correct. Remember, this issue only happens when the traffic is coming in with the IP address of the Comcast gateway. If I'm understanding correctly, the source MAC should be the interface of the Cisco switch that is connected to the UTM.

    One thing I failed to mention in my post is that the Cisco switch has been recently replaced as well. So both ISPs have new switches/routers. Since this issue happens only when it comes in from the Comcast gateway address, and from nowhere else on the internet, could it be that there is a bad ARP table entry that resolves to the old MAC address? I have done an arp -n on Sophos and can't seem to correlate the table with any known MAC addresses, so I'm not sure how that works.

    I have also found that my firewall log shows that the traffic is not being dropped. It's trying to apply a NAT rule.
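One way to do the correlation described in this post (compare the source MAC of frames actually arriving at the UTM with the UTM's ARP entry for the next hop, and count SYNs that never get a SYN-ACK back), added here as an example; it is not code from the thread or from Sophos. The `arp -n` and `tcpdump -e -n` samples, the interface name, addresses and MACs are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample of `arp -n` on the UTM (placeholder addresses, not from the thread).
ARP_TABLE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
203.0.113.1              ether   00:11:22:33:44:55   C                     eth1
"""

# Constructed `tcpdump -e -n -i eth1` lines: the Comcast-side source retransmits SYNs that are
# never answered, another client is answered, and every inbound frame arrives from a next-hop
# MAC (...:77) that differs from the ARP entry held for the gateway (...:55).
CAPTURE = """\
10:00:01.000000 00:11:22:33:44:77 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 198.51.100.10.51000 > 203.0.113.20.443: Flags [S], seq 1, win 65535, length 0
10:00:02.000000 00:11:22:33:44:77 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 198.51.100.10.51000 > 203.0.113.20.443: Flags [S], seq 1, win 65535, length 0
10:00:03.000000 00:11:22:33:44:77 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: 192.0.2.5.40000 > 203.0.113.20.443: Flags [S], seq 9, win 65535, length 0
10:00:03.000100 00:aa:bb:cc:dd:ee > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 203.0.113.20.443 > 192.0.2.5.40000: Flags [S.], seq 100, ack 10, win 65535, length 0
"""

IP = r"\d+(?:\.\d+){3}"
LINE = re.compile(
    rf"^\S+ (?P<smac>[0-9a-f:]{{17}}) > (?P<dmac>[0-9a-f:]{{17}}), .*?: "
    rf"(?P<sip>{IP})\.(?P<sport>\d+) > (?P<dip>{IP})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]")

def parse_arp(text):
    """IP -> MAC from `arp -n` output; the header line is skipped."""
    rows = [line.split() for line in text.splitlines()[1:]]
    return {r[0]: r[2].lower() for r in rows if len(r) >= 3 and r[1] == "ether"}

def parse_capture(text):
    """One dict per tcpdump line that parses as an IPv4/TCP frame with link-layer addresses."""
    return [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]

def unanswered_syns(frames):
    """Flows whose SYNs never got a SYN-ACK in the reverse direction, with the retransmit count."""
    syns, answered = Counter(), set()
    for f in frames:
        if f["flags"] == "S":
            syns[(f["sip"], f["sport"], f["dip"], f["dport"])] += 1
        elif f["flags"] == "S.":
            answered.add((f["dip"], f["dport"], f["sip"], f["sport"]))
    return {flow: n for flow, n in syns.items() if flow not in answered}

def gateway_mac_check(frames, arp, gateway_ip, utm_mac):
    """Compare the ARP entry for the next hop with the source MAC of frames actually delivered
    to the UTM; a mismatch means replies are addressed to a MAC nobody on the link now owns."""
    seen = sorted({f["smac"] for f in frames if f["dmac"] == utm_mac})
    entry = arp.get(gateway_ip)
    return {"arp_entry": entry, "observed": seen, "stale": entry is not None and entry not in seen}
```

Run it against a real `arp -n` and a `tcpdump -e -n` capture of the UTM's fiber interface, passing the ISP gateway IP and the UTM interface MAC; a `stale` result points at the ARP entry, while an empty `unanswered_syns` result with no `stale` entry points elsewhere (routing or NAT).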

  • Have you reconfigured the Comcast IP in UTM, I mean disabling/enabling UPLINK recently?
    Because I think the DNAT rule has changed: instead of destination "WAN1" it has changed to "Uplink Interfaces".
    Take a look at the DNAT rule.