Internal clients not being directed to DMZ by the DNS?


    On our network we have an ASA5510 with Sec+. We have a Cisco1700 router WAN network whose address is x.x.x.2; our ASA internal IP is x.x.x.50. The default gateway is x.x.x.2 for internal users. When I attempt to go to the DMZ network (y.y.y.0), it seems to go to x.x.x.2 and gets stuck. I assume it needs to be pointed to x.x.x.50, but if I add a static route on my computer that points any y.y.y.0 traffic to x.x.x.50, it merely times out. On top of that, I lose any internet connectivity.

    At this point I'm thoroughly confused and lost. Any idea what I'm missing?
    Last edited by epanzeter; 15th May 2009, 20:34.

  • #2
    Re: Internal clients not being directed to DMZ by the DNS?

    epanzeter

    Sounds like there may be a routing issue. Can you provide a network diagram and your ASA config (scrubbed, of course)?

    Ryan



    • #3
      Re: Internal clients not being directed to DMZ by the DNS?

      I certainly agree a diagram would be best here, but from what you have written, has this ever worked? Is the DMZ behind the ASA? In which case, have you set it up to allow traffic? Is there a route on the 1700 to point the y.y.y.y traffic to the ASA?
      cheers
      Andy



      • #4
        Re: Internal clients not being directed to DMZ by the DNS?

        It sounds like a routing issue to me too. IMHO the LAN switch should be connected to the LAN interface of the firewall, the DMZ switch should be connected to the DMZ interface of the firewall, and the WAN interface of the firewall should be connected to the LAN interface of the router. The default gateway for all hosts should point to the firewall. The default gateway for the firewall should point to the router. The default gateway for the router should point to the IP address of the far side of your WAN connection or the external interface of the router itself.

        When a host needs to pass traffic to the DMZ, it will go to the LAN interface of the firewall, which will "direct" it to the DMZ interface of the firewall. When a host needs to pass traffic to the internet, it will go to the LAN interface of the firewall, which will "direct" it to the WAN interface of the firewall; the traffic will then go to the router, which will direct it to its default gateway.

        LAN Host--->LAN Switch--->Firewall--->Router--->Internet
        Last edited by joeqwerty; 22nd May 2009, 22:06.
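The layout joeqwerty describes, written out as a minimal ASA configuration. This is an added example, not part of the thread or anyone's posted config. The interface names, security levels and addresses are assumptions (private and RFC 5737 documentation ranges stand in for the thread's x.x.x / y.y.y placeholders), and the NAT lines use the pre-8.3 syntax that was current for an ASA5510 in 2009.

```cisco
! Added example (assumed addressing):
!   inside  LAN  10.1.1.0/24     hosts use 10.1.1.1 (the ASA) as default gateway
!   dmz          172.16.1.0/24   web/mail hosts, gateway 172.16.1.1 (the ASA)
!   outside      203.0.113.0/24  ASA 203.0.113.10, router LAN interface 203.0.113.1
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.10 255.255.255.0
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 10.1.1.1 255.255.255.0
!
interface Ethernet0/2
 nameif dmz
 security-level 50
 ip address 172.16.1.1 255.255.255.0
!
! The firewall's own default gateway is the router. Inside and dmz are directly
! connected, so no static route is needed for them on the ASA.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
!
! inside (100) -> dmz (50) and inside/dmz -> outside (0) are permitted by the
! security-level rule without an ACL. dmz (50) -> inside (100) is denied by
! default, which is the point of a DMZ; open it only with an explicit ACL.
!
! PAT everything leaving toward the internet to the outside address (pre-8.3
! syntax). Because of this the router only needs its default route, exactly as
! described above; it never sees 10.1.1.0/24 or 172.16.1.0/24 as sources.
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
nat (dmz) 1 0.0.0.0 0.0.0.0
!
! Checks to run on the ASA once this is in place:
!   show route
!       expect three "C" (connected) routes plus "S* 0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1"
!   packet-tracer input inside tcp 10.1.1.20 40000 172.16.1.10 80
!       expect the final line "Action: allow"  (LAN host reaching a DMZ web server)
!   packet-tracer input dmz tcp 172.16.1.10 40000 10.1.1.20 445
!       expect "Action: drop"                  (DMZ host cannot initiate into the LAN)
```

Two caveats worth knowing before copying this: on ASA 8.3 and later the `global`/`nat (inside) 1` form was replaced by object NAT, so the two NAT lines need translating; and if any DMZ service must be reachable from the internet, it needs its own static NAT plus an `access-group` on outside permitting only those ports, which is deliberately left out here.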
