Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Home Lab Using TZ500 and csr1000v

Hello all,

I hope I can summarize the configuration well and you could spot the problem right away. 

I have a Cisco csr1000v router deployed on an ESXi host. The router interface g1 is connected to a vSSwitch 1 with the subnet 172.16.10.0/24. It has the IP address 172.16.10.254 assigned to it. The gateway of last resort is 172.16.10.10 which is the IP interface of a Sonicwall firewall . 

The second interface (g2) of the Cisco router is connected to a different vSSwitch (2) with the subnet 192.168.50.0/24 and has the IP address assigned 192.168.50.254 to it. 

I have VM A with IP 192.168.50.102, gateway 192.168.50.254 connected to vSSwitch 2 behind the Cisco csr1000v 

I also have VM B with IP 172.16.10.26, gateway 172.16.10.10 outside the Cisco csr1000v

I can ping from VM B to VM A without a problem (although as you will see in the packet capture, the WAN IP of the Sonicwall gets in the traffic), but from VM A to VM B, I get a response from the WAN IP address of the Sonicwall (TZ500). 

I can ping however, to 8.8.8.8 from VM A and get a reply.

The routes are shared using OSPF. 


What could cause this behavior? Any help you can provide would be greatly appreciated. 

This is the Wireshark trace.


Category: Entry Level Firewalls
Reply

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    What device is doing to the packet capture?

    If you notice, wireshark is smart enough to tell you what requests and replies are related. In the first screenshot, the ping from VM A to B is immediately replied to and wireshark notated the relationship. The reply from the Sonicwall is not notated as related (its possible the capture didnt include enough data).

    Similarly, the second screenshot shows the relation between a request generated by the Sonicwall and replied to by VM A.

    Are you running a ping somewhere that you forgot about? What happens if you remove the sonicwall from the equation?

  • csius0622csius0622 Newbie ✭

    Thanks for your reply TKWITS. The device that is doing the packet capture is VM B. The ping command use to obtain the Wireshark screenshot was only for one packet (ping IP / n 1). When the same command is run from VM A to VM B, then you see the results on the second wireshark screenshot .

    Removing the Sonicwall from the equation is not possible since it is my access to the internet. X0 is assigned to one zone, X1 to WAN and X6 to the segment where the problem shows. 172.16.10.10 is the X6's IP. The TZ500 has a route created by OSPF that routes trafic from 192.168.50.0/24 through GW 172.16.10.254.

    Hope that helps.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You dont have to completely pull out the Sonicwall, that is not what I meant... but I am not going to go through step by step of other ways of testing. You need to be able to think and troubleshoot yourself. Learn the OSI model, start troubleshooting at layer 1, and work your way up the layers.

    Hint: Instead of using OSPF, create static routes and see if you have the same problem.

  • csius0622csius0622 Newbie ✭

    Thanks for your help. I tried already removing the OSPF routing and used static routes. Same issue. Never implied to completely pull out the Sonicwall ;-) maybe I didn't compose my statement properly.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Were you using static routes on VM B and the Cisco? Presumably you have a switch (providing layer 1 and 2) off of X6; disconnect X6.

    Again, verify proper functionality without the Sonicwall 'in place'. Narrow your scope to rule out issues.

Sign In or Register to comment.