VMware Horizon Community
Sailor-Jay
Contributor

External Connection to UAG

I've recently deployed a 2 NIC UAG. I have communication to my internal NIC within my internal network, however, I cannot connect to my DMZ NIC through external. An example config of my network follows:

SNAT public to DMZ:

123.x.x.x --> 172.1.1.2

UAG NIC1 IP to External:

172.1.1.2/24

UAG NIC2 IP to Internal:

172.2.2.2/24

Ping from internal network to 172.2.2.2 is successful

Ping to and from 172.1.1.2 to 172.1.1.1 (gateway) successful

Ping from internal to 172.1.1.1 successful

Ping from internal to 123.x.x.x successful

Ping from internal to 172.1.1.1 successful

Ping from 172.1.1.2 to 123.x.x.x fails

Ping from internal to 172.1.1.2 fails

I don't understand where the disconnect is occurring. Any help or advice would be helpful.

2 Replies
fabio1975
Commander

Hi

Does your infrastructure require Horizon clients from both the internal network and the public network to use UAG?
Can you give me evidence of which static routes you have set up on the UAG and what problems you encounter?


I looked at your PING tests. Some outcomes also depend on the firewall rules set between the various network segments (Public - DMZ and DMZ - internal).

Surely it is logically correct, in my view, for the last failing ping to give an error:
communication from the internal network must go through the UAG NIC2 interface (172.2.2.2/24).

 

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

SurajRoy
Enthusiast

Make sure you have the static route set correctly on the UAG at the time of deployment.

Also, the default gateway set in the UAG should be that of the 1st NIC.
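
The routing point raised in the replies above, as an added example that is not part of the original thread and not VMware code: a generic longest-prefix route lookup over the thread's two NIC subnets, reporting when a reply would leave by a different NIC than the request arrived on. The internal client network `10.0.0.0/16`, the internal gateway `172.2.2.1`, the client addresses and the `eth0`/`eth1` names are assumptions.

```python
import ipaddress

# Constructed addressing: the thread's two NIC subnets, plus an assumed
# internal client network (10.0.0.0/16) and internal gateway (172.2.2.1)
# that the page does not give.
NICS = {
    "eth0": ipaddress.ip_interface("172.1.1.2/24"),  # NIC1, DMZ/external
    "eth1": ipaddress.ip_interface("172.2.2.2/24"),  # NIC2, internal
}

def build_table(default_gw, static_routes):
    """Return [(network, nic)] for connected, static and default routes."""
    table = [(iface.network, nic) for nic, iface in NICS.items()]
    for dest, gw in list(static_routes) + [("0.0.0.0/0", default_gw)]:
        gw = ipaddress.ip_address(gw)
        nic = next((n for n, i in NICS.items() if gw in i.network), None)
        if nic is None:  # a next hop must sit on a directly connected subnet
            raise ValueError(f"gateway {gw} is not on any NIC subnet")
        table.append((ipaddress.ip_network(dest), nic))
    return table

def egress(table, dst):
    """Longest-prefix match: the NIC a packet to dst leaves on."""
    dst = ipaddress.ip_address(dst)
    return max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen)[1]

def check_flow(table, src, arrived_on):
    """Compare the NIC a request arrived on with the NIC its reply uses."""
    out = egress(table, src)
    if out == arrived_on:
        return "symmetric"
    return f"asymmetric: in {arrived_on}, reply out {out}"

if __name__ == "__main__":
    scenarios = {
        "gw on NIC1 + static route": ("172.1.1.1", [("10.0.0.0/16", "172.2.2.1")]),
        "gw on NIC1, no static route": ("172.1.1.1", []),
        "gw on NIC2": ("172.2.2.1", [("10.0.0.0/16", "172.2.2.1")]),
    }
    flows = [("198.51.100.7", "eth0"),  # constructed external client
             ("10.0.5.20", "eth1"),     # internal client to NIC2
             ("10.0.5.20", "eth0")]     # internal client to the DMZ address
    for name, (gw, routes) in scenarios.items():
        table = build_table(gw, routes)
        for src, nic in flows:
            print(f"{name:28} {src:13} {check_flow(table, src, nic)}")
```

Asymmetric paths like these are commonly dropped by stateful firewalls or reverse-path filtering, so they are worth ruling out before looking at NAT or firewall rules.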