ICMP and RDP between subnets.

Ladies and Gents,

I am trying to ping between two subnets. The strange part is that I am able to do this between my DMZ burb and the remote subnet but not between my internal burb and the remote subnet.

Therefore DMZ server-------------------> DMZ interface-------Through Lan interface -------------------------> Router-----> Remote subnet.= Fine.

Lan Sver-----------Lan interface------------>Router----------Remote Subnet = NO Ping.

Lan interface ------------>Router -------------->Remote Subnet =  Pings fine

Area    nil_area

Auth_method    Passive (MLC)

Date    2014-04-15 15:55:04 -0500

Dest Port    3389

Dstip    xx.25.x.x

Event    TCP netprobe

Facility    kernel


Interface    1-1

Priority    minor

Protocol    6

Reason    Received a TCP connection attempt destined for a service that the current policy does not support.

Source Port    55607

Source Zone    internal

Srcip    x.24.x.x

Syslog    4

Syslog    Warnings (4)

Type    netprobe

User Name    Santa Claus Jr Break Dancing On ICE!!

The only thing that stands out in this to me is that the sidewinder is not seeing a destination Zone. Which I am unsure how to assign a remote subnet with no interface connection to a specific zone.

Re: ICMP and RDP between subnets.

When you're routing between DMZ and Lan interface both are differents interfaces but when the packet is coming from LAN Server and going to Firewall LAN interface (as default GW?) and later to Router you're routing on same interface of the firewall (LAN interface). I thing this scenario is called "Intrazone Forwarding". You have to enable this feature on CLI. Below I added a paper that I obtained from this forum on how to do that.

I hope that helps to you.



Re: ICMP and RDP between subnets.

I am going to try this later on tonight. Thanks for this info.

I will let you know how it goes.

Re: ICMP and RDP between subnets.

Haven't tried it yet but may have time later today.

