Comments
-
SOLVED This issue is now resolved. The problem was I had the LAN IP assigned the same as the default gateway. Both were set to 10.x.x.1. So we changed the IP to 10.x.x.2 and now it all works. Thanks all for thinking this through with me.
-
Yes, I think you're right, @TKWITS. I'm going to involve some other internal folks to look at this with me. Thanks.
-
I found that the MAC address listed in the ARP cache doesn't match the MAC on the old Cisco firewall. So I may not be thinking that through correctly.
-
Thanks, @Ajishlal. We do not have IP enabled. The rule you reference is indeed enabled. Thanks, @Saravanan. @TKWITS mentioned the packet capture as well, which I tried but did not help me identify the issue. I might have done something incorrectly when performing it so I can revisit that too. I did find in the ARP Cache…
-
I found this issue from a couple years ago that seems similar to mine. I also can't ping the firewall from a machine in the LAN even though I have Ping enabled in both the LAN and WAN. It got me to wonder if there is a setting somewhere I need to enable/disable. We don't have IPS licensed with our device but perhaps there…
-
I think the internal routing is correct. The original purpose of the firewall was to allow someone to VPN in to the devices on the LAN and that goal has been accomplished. I agree, something else may be going on, although this was working with the previous Cisco firewall so that is the reason we think it is a firewall…
-
Hi @TKWITS, yes, the address objects are in the correct zone. No, I do not see any packets in the statistics. I tried the packet capture to no avail. Nothing showed up in the capture on either the source or destination IPs. @Saravanan , I tried to ping and run a tracert to the destination IPs but all my requests fail. I'm…
-
Here's an image of the Rule. We don't have any deny rules from LAN to WAN but there are others in place. There is a Deny Any rule from the WAN to LAN. No, I have not run a packet capture.
-
As an update, I was able to successfully connect.
-
Thank you, @preston! That did it. Thanks, @Saravanan, now that I have the GroupVPN enabled, I can use the KB article you provided.