I'm trying to set a Unified Access Gateway up in my lab, with 3 NICs.
My plan with the 3-NIC deployment is to forward external users through the internet-facing NIC, which has an IP of 10.1.60.10, and then when they reach the backend network, they should go through the backend NIC, which has an IP of 10.1.60.11. I have made the firewall rules from the backend to the connection servers in another VLAN, and the internet-facing NIC only has NAT rules "from my firewall to the UAG internet-facing NIC". Is this even possible to make? It seems I cannot get it to work properly. I'm also making a static route from the backend NIC to the connection servers.
I hope someone can help me out a bit, since I'm completely out of ideas. I should note that if I still have the three NICs and then do everything on the internet-facing NIC, everything works, though I do have management in a completely separated VLAN.
Any way for you to change your internet and backend NIC so they aren't on the same subnet?
I suspect either a routing issue or an internal firewall rule issue on the UAG appliance.
Can you draw some high-level diagrams to get more insight into your requirements?
Also, what is the use case? Just trying to understand the typical / complex use case for why we need a 3-NIC configuration.
Well, essentially I want it set up as in the picture "DMZ Design for VMware Unified Access Gateway and the use of Multiple NICs" with the three-NIC deployment, but the difference in my setup is that I have the management NIC on a completely isolated VLAN.
Right now my setup is the following: from my EdgeRouter I have forwarded the required ports to the internet-facing NIC, and then I have made the firewall rules from the backend NIC to my connection server. And the management NIC is in an isolated VLAN.
I hope that brings more insight.
Sure, I can try to deploy a new one, with each NIC in a different VLAN.
Thanks everyone,
I was stupid enough to have my internet-facing NIC and backend NIC on the same subnet, which I thought was the correct way of doing it.
I just made a new VLAN for the backend and firewall rules from the backend to my connection server and VDI machines.
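As an added illustration (not code from anyone in this thread), here is a small Python check of the kind of three-NIC plan described above: it uses the standard ipaddress module to flag NICs that sit on the same subnet and to show how that leaves the appliance with an ambiguous route. The masks, the management address, the corrected backend address and the connection-server VLAN used as the static-route target are all assumptions; the thread only names the two hosts 10.1.60.10 and 10.1.60.11.

```python
import ipaddress

# Constructed three-NIC plan. Addresses and masks are assumptions; the thread
# only names 10.1.60.10 (internet NIC) and 10.1.60.11 (backend NIC), no mask.
BROKEN_PLAN = {
    "internet": "10.1.60.10/24",
    "backend": "10.1.60.11/24",
    "management": "10.1.70.10/24",
}
# The fix from the thread: backend NIC moved to its own VLAN / subnet.
FIXED_PLAN = {
    "internet": "10.1.60.10/24",
    "backend": "10.1.61.10/24",
    "management": "10.1.70.10/24",
}
# Assumed static route: the connection-server VLAN is reached via the backend NIC.
STATIC_ROUTES = {"10.1.80.0/24": "backend"}


def overlapping_nics(plan):
    """Return pairs of NIC names whose connected subnets overlap."""
    nets = {name: ipaddress.ip_interface(cidr).network for name, cidr in plan.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def egress_nics(plan, destination, static_routes=STATIC_ROUTES, default_nic="internet"):
    """Longest-prefix match over connected subnets and static routes.

    Returns every NIC tied for the best match. More than one entry means the
    appliance has an ambiguous route, which is what the original setup produced.
    """
    dst = ipaddress.ip_address(destination)
    candidates = []  # (prefix length, nic name)
    for name, cidr in plan.items():
        net = ipaddress.ip_interface(cidr).network
        if dst in net:
            candidates.append((net.prefixlen, name))
    for prefix, nic in static_routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net:
            candidates.append((net.prefixlen, nic))
    if not candidates:
        return [default_nic]  # default route via the internet-facing NIC
    best = max(p for p, _ in candidates)
    return sorted(nic for p, nic in candidates if p == best)
```

With BROKEN_PLAN, traffic for the internet-side gateway matches both NICs equally, so which interface carries it is down to whatever the OS picks; with FIXED_PLAN each destination resolves to exactly one NIC.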
Even if it's a different VLAN, please make sure all the ports are opened; otherwise unnecessary issues will pop up!
Yes, I have tested it out and everything seems to be working.
Good you sorted this.