Troubleshooting – Why PA cannot ping to Routers/Ping from INSIDE RT to DMZ RT - Part IV/V
In the lab above, I was able to ping from RT to PA but not vice versa. This session investigates further. Let's build up the lab first.
- Open GNS3 and drag and drop the PA. (Loading the PA takes a little time. During the loading process it will ask for login credentials several times. Don't press CTRL-C to bypass; wait until everything has completed. Meanwhile, configure the RT-10.10.10.2.)
- Right click -> Start (After starting the PA, you should be able to ping 192.168.1.10. Then you can load the web console. If not, please review the steps in the previous sessions.)
- Connect the topology (PA -> SW -> RT)
- Web console login is successful now. But RT is not able to ping PA (because we removed the cable last night, hope you remember it). However, it has self-recovered and we are able to ping now. (I assume that when starting a PA, VB will fix these types of issues.)
- Here I fail to ping from PA to RT. This has to be investigated further.
Navigate to Policies > Security > Add. Here I put the policy name as INSIDE to DMZ. Select the INSIDE interface as the source and DMZ as the destination. Set the action to Allow and commit the changes. While the commit is processing, don't cancel it. Because committing changes is slow, it will cause an issue on the next commit you try to force.
It did not work! Cannot ping! :/ I guess routing needs to be enabled.
- I have configured 2 static routes in default. NOT WORKED (maybe incorrect routes)
- ADD A SECURITY POLICY as per the above steps. (maybe incorrect policies)
What do I have to remove and check in the next lab to continue?
- Check for:
  - Able to ping from RT to PA (10.10.10.2 -> 10.10.10.1)
  - 172.16.1.0 network should be the same.
- Remove this:
  - Security policy (INSIDE to DMZ)
  - Two static routes created in default virtual routes
Note: Routers can connect directly to the PA without a SW. This will make your topology easier to build.
Part VI >> Factory Reset Palo Alto Firewall