VMware Horizon Community
pogchamp
Contributor

Unified access gateway 3 NIC deployment

I'm trying to set a unified access gateway up in my lab, with 3 NICs.

My plan with the 3 NIC deployment is to forward external users through the Internet-facing NIC, which has an IP of 10.1.60.10, and then when they reach the backend network, they should go through the backend NIC, which has an IP of 10.1.60.11. I have made the firewall rules from the backend to the connection servers in another VLAN, and the Internet-facing NIC only has NAT rules "from my firewall to the UAG Internet-facing NIC". Is this even possible to make? It seems I cannot get it to work properly. I'm also making a static route from the backend NIC to the connection servers.

I hope someone can help me out a bit, since I'm completely out of ideas. I should note that if I still have the three NICs and then do everything on the Internet-facing NIC, everything works, though I do have management in a completely separated VLAN.

Accepted Solutions
techguy129
Expert

Any way for you to change your internet and backend NIC so they aren't on the same subnet?

I suspect either a routing issue or an internal firewall rule issue on the UAG appliance.

9 Replies
balagbm2017
Enthusiast

Can you draw some high-level diagrams to give more insight into your requirements?

jeetu12iu
Contributor

Also, what is the use case? Just trying to understand the typical/complex use case for why we need a 3 NIC configuration.

pogchamp
Contributor

Well, essentially I want to set it up as in this picture, "DMZ Design for VMware Unified Access Gateway and the use of Multiple NICs", with the three NIC deployment, but the difference in my setup is that I have the management NIC on a completely isolated VLAN.

Right now my setup is the following: from my EdgeRouter I have forwarded the required ports to the Internet-facing NIC, and then I have made the firewall rules from the backend NIC to my connection server. And the management NIC is in an isolated VLAN.

I hope that brings more insight.

pogchamp
Contributor

Sure, I can try to deploy a new one, with each NIC in a different VLAN.

pogchamp
Contributor

Thanks everyone,

I was stupid enough to have my Internet-facing NIC and backend on the same subnet, which I thought was the correct way of doing it.

I just made a new VLAN for backend and firewall rules from the backend to my connection server and VDI machines.
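
A pre-deployment check for the fault resolved in this thread (Internet-facing and backend NICs on one subnet), as an added example that is not part of the original posts or of VMware's tooling. Only 10.1.60.10 and 10.1.60.11 come from the thread; the /24 prefix lengths, the management address, the connection-server subnet and the gateway addresses are constructed assumptions.

```python
import ipaddress
from itertools import combinations

def check_uag_layout(nics, routes):
    """nics: {name: "ip/prefix"}; routes: [(dest_cidr, gateway_ip)].
    Returns a list of findings; an empty list means the plan is consistent."""
    findings = []
    ifaces = {name: ipaddress.ip_interface(addr) for name, addr in nics.items()}

    # 1. Two NICs in one subnet give the appliance two connected routes for
    #    the same network, so replies can leave through the wrong interface.
    for (a, ia), (b, ib) in combinations(ifaces.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"overlap: {a} {ia} and {b} {ib} share a subnet")

    for dest, gw in routes:
        gw_ip = ipaddress.ip_address(gw)
        owners = [n for n, i in ifaces.items() if gw_ip in i.network]
        # 2. A static route's gateway must be on-link for exactly one NIC.
        if not owners:
            findings.append(f"route {dest} via {gw}: gateway not on any NIC subnet")
        elif len(owners) > 1:
            findings.append(f"route {dest} via {gw}: gateway on-link for "
                            + ", ".join(owners))
        # 3. A routed destination that overlaps a connected subnet is ambiguous.
        dest_net = ipaddress.ip_network(dest)
        for n, i in ifaces.items():
            if dest_net.overlaps(i.network):
                findings.append(f"route {dest}: overlaps connected subnet of {n}")
    return findings

# Constructed sample plans (prefix lengths and gateways are assumptions).
BROKEN_NICS = {"internet": "10.1.60.10/24",    # address from the thread
               "backend": "10.1.60.11/24",     # address from the thread
               "management": "10.1.99.10/24"}  # constructed
BROKEN_ROUTES = [("10.1.70.0/24", "10.1.60.1")]  # constructed connection-server subnet

FIXED_NICS = dict(BROKEN_NICS, backend="10.1.61.11/24")  # backend moved to its own VLAN
FIXED_ROUTES = [("10.1.70.0/24", "10.1.61.1")]

if __name__ == "__main__":
    for label, nics, routes in (("broken", BROKEN_NICS, BROKEN_ROUTES),
                                ("fixed", FIXED_NICS, FIXED_ROUTES)):
        print(label, check_uag_layout(nics, routes) or "no findings")
```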

balagbm2017
Enthusiast

Even if it's a different VLAN, please make sure all the ports are opened, otherwise unnecessary issues will pop up!

pogchamp
Contributor

Yes, I have tested it out and everything seems to be working.

jeetu12iu
Contributor

Good, you sorted this.
