HPE Community
Switches, Hubs, and Modems
1752765 Members
5032 Online
108789 Solutions
New Discussion юеВ

Re: Needed to get this topology to work ! Attached image and description

 
aeonpoon
Occasional Advisor

тАО10-26-2010 11:15 PM

тАО10-26-2010 11:15 PM

Needed to get this topology to work ! Attached image and description

Hi to all, I have a question which is I have given this topology and I need the connections and give the address to each interface and did ping from router to gateway and realise

1)router can only ping to 10.2.2.1/30 not 10.2.2.2/30.

2)checkpoint firewall ping to router is able to but to gateway 10.3.3.1/30 is not able.

3)gateway ping to checkpoint is able to get response from 10.2.2.1 but not 10.1.1.2/30

I have open the rules up to from any to any, did routing tables too but still cannot get it to work, trying my luck here if anyone can guide me. Thanks so much in advance to all
0 Kudos
8 REPLIES 8
Mohammed Faiz
Honored Contributor

тАО10-27-2010 01:37 AM

тАО10-27-2010 01:37 AM

Re: Needed to get this topology to work ! Attached image and description

Hi,

Well the first thing to check is whether you have ping enable on the interfaces of your ssg550 (not just as a policy but on the 10.3.3.1 and 10.2.2.2 interfaces themselves).

Can you post a copy of the routing tables for the SSG550 and the checkpoint?
0 Kudos
aeonpoon
Occasional Advisor

тАО10-27-2010 04:08 AM

тАО10-27-2010 04:08 AM

Re: Needed to get this topology to work ! Attached image and description

Thanks Faiz, I remembered I open ping services on both interfaces on SSG 500, I will post the routing tables tomorrow ! Thanks so much for your answers ~~
0 Kudos
aeonpoon
Occasional Advisor

тАО10-27-2010 05:47 PM

тАО10-27-2010 05:47 PM

Re: Needed to get this topology to work ! Attached image and description

Hi Faiz, here is the routing table you requested

Juniper SSG 500
http://i367.photobucket.com/albums/oo117/aeonpoon/capture_28102010_093959.jpg

Checkpoint UTM-1 570
http://i367.photobucket.com/albums/oo117/aeonpoon/CheckpointFirewallroutingtable.png

Thanks for your reply and I could make it work.
0 Kudos
Mohammed Faiz
Honored Contributor

тАО10-28-2010 02:06 AM

тАО10-28-2010 02:06 AM

Re: Needed to get this topology to work ! Attached image and description

Ok, that looks on on a first glance (though you don't have any default routes set which may cause issues later).
The problems that you mention seem to point to an issue on the checkpoint, unfortunately I don't know enough about the checkpoint device.
For example point 1) that you mention seems very strange, there is not reason that that should not work.
Can you put the checkpoint in transparent mode temporarily to test (you'd need to adjust the IP on either the router interface or the SSG)?
0 Kudos
aeonpoon
Occasional Advisor

тАО10-28-2010 05:59 AM

тАО10-28-2010 05:59 AM

Re: Needed to get this topology to work ! Attached image and description

Alright thanks ! I will try your method and see how it goes ! Thanks a lot ~
0 Kudos
aeonpoon
Occasional Advisor

тАО10-28-2010 05:36 PM

тАО10-28-2010 05:36 PM

Re: Needed to get this topology to work ! Attached image and description

you said change the firewall to transparent but I don't think it has the feature.
0 Kudos
Mohammed Faiz
Honored Contributor

тАО10-29-2010 01:34 AM

тАО10-29-2010 01:34 AM

Re: Needed to get this topology to work ! Attached image and description

That was just a suggestion, I'm not that familiar with checkpoint boxes.
I suspect if you remove the checkpoint completely (and adjust the IP on Juniper or the Router) either the your routing will work fine.
0 Kudos
aeonpoon
Occasional Advisor

тАО10-29-2010 06:13 AM

тАО10-29-2010 06:13 AM

Re: Needed to get this topology to work ! Attached image and description

Alright thanks I try and error see how it works out finally ! Appreciate your help a lot !
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.