SBROWNatTSVH
Contributor

Server 2008 R2 - unidentified network when in the DMZ but works on the LAN

Any ideas on this one? I have a 2008 R2 Std ed, 64-bit web server running in VMware ESXi 5. When I put it on the local subnet, it identifies the network as the local domain and I have internet access. When I change it to the virtual switch that connects it to the DMZ and change the IP address and default gateway to that of the DMZ, it comes back as an "unidentified network" - "No internet access". Both the default gateways (for the LAN and the DMZ) are on the same SonicWall, and traffic can route between the LAN port and the DMZ port on the SonicWall. Also, when the server is in the DMZ, the server IP is NATed to a public IP on the firewall. I have tried changing the group policy so an unidentified network is seen as "private" and that didn't work. IDEAS??????

6 Replies
kjb007
Immortal

Typically, in a DMZ configuration, the default route is to go out to the internet, and for any internal services, a static route is needed.

The unidentified network is typically a problem with a NIC not having or not being able to talk to a gateway.

Are you able to communicate through the firewall?

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
SBROWNatTSVH
Contributor

Yes, I can get through the firewall from the DMZ to my inside LAN and from the DMZ to the internet with my laptop but NOT the server when both are on the DMZ. I should mention that the laptop is running Windows 7 Pro.

kjb007
Immortal

Can you ping your gateways from your server when it's in the DMZ? If not, you'll need to make sure the ESX NICs are on ports that are allowing that traffic.

-KjB

SBROWNatTSVH
Contributor

Here is something new to add to the confusion. Before plugging my laptop into the DMZ, the server was plugged directly into the DMZ port on the firewall (via the VMware virtual switch). I used a little Netgear 4-port hub to connect my laptop, server and DMZ together. With the hub in the mix I can ping the DMZ gateway from the server and I can ping my laptop (now on the same subnet as the server) from the server. When I try to ping a public IP (8.8.8.8), the IP on the server's NIC tells me the destination is unreachable, and if I try to ping an IP on my LAN, the public IP my firewall NATs to the private IP on my server tells me the IP on my LAN is unreachable. I'm confident of the routing because my laptop can ping 8.8.8.8 and the LAN IP.

Steve Brown

kjb007
Immortal

You have two IPs on your server, correct?  If you disable the internal IP, does all work fine?

-KjB

SBROWNatTSVH
Contributor

I put the server back on my private network, took it out of the domain and then re-joined it to the domain and then put it back on the DMZ. It is now "seeing" the network as "network 3", identifying it as public and allowing internet access. I will say that I'm not confident that it will continue to allow internet access, however. For now I will wait and see.

Steve Brown
