![]() If the interface being reached is different than the interface which the initiating packet ingresses into the firewall, and those two interfaces are in different zones, then that would be considered an inter zone session and a security policy must be present which allows the session.Typically, a security policy won't block the connectivity, but it is possible. Filter the destination address to be the IP address of the firewall interface. Verify that no security policy is blocking the traffic to the interface by checking the traffic logs.If the management profile is suspect, then run the following counter command and watch for counter increments: > show counter global name flow_host_service_deny.Make sure the interface has the appropriate management profile configured for it that enables the services needed and that permits the IP addresses from which the connection is being made.This could be to manage the device over HTTPS or SSH, to connect to the GlobalProtect Portal or to the NetConnect web portal, or simply attempting to ping the interface. I think at that point you would be good to go.When attempting to access or connect to a firewall interface IP address for a service or when trying to ping the interface the communication fails. To rectify your situation you can add frame relay map statements to the EAST and WEST mapping their serial IP address to the same DLCI as you did for the HQ serial ip. My guess is that this will successfully ping. Now you have controlled what the source IP is for the ping packet. So specify the IP address of one of the loopbacks on the EAST. Then hit Y and then it will ask you for the source ip address or interface ![]() Then take the defaults for everything UNTIL it says Extended Commands So make sure you select IP for the protocol and specify the correct target IP address. Then it will prompt you for several things. So from the EAST type ping and hit enter. ![]() If you were to try an extended ping I think you would have success. So now when the ping reaches the the loopback on the EAST it tries to return the packet destined to 172.16.124.3, but there is nothing in the frame relay map for. So when you ping the EAST loopback you are sourcing it with the 172.16.124.3 ip address. ![]() When you issue a ping command like you did from the router, the router uses the ip address of the outbound interface to source the ip packet. Sending 5, 100-byte ICMP Echos to 10.2.3.1, timeout is 2 seconds: Ia - IS-IS inter area, * - candidate default, U - per-user static route I - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2Į1 - OSPF external type 1, E2 - OSPF external type 2 The hub is HQ and spokes are EAST & WEST, I can't ping the loopback of router EAST from the router WEST and the reverse as well, the topology is like this:Ĭodes: C - connected, S - static, R - RIP, M - mobile, B - BGPĭ - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area Hello i have a problem with eigrp, i configured eigrp through a frame relay cloud, hub and spokes
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |