From: mousemen@you.com
There has been a new development on this that is not makeing sense to me.
Moved the netscreen to a new location that has static ip's/ Now it will only
get on if I type in the ip address of the site not the dns url. Its having
an issue resolving addresses. The old location it was set to go out thru a
linksys router.Put in the static ip's for that network and gateway as the
linksys address. All worked there. New location has static ip's on a dsl
account. Heres the layout. DSL comes in to netopia that has dhcp and nat
turned off. 2 other routers connect thru by setting up the ip's and dns
servers (Belkin.Netgear) Those work just fine. In the netscreen put in the
static ip's on the untrust side with the gateway set to the netopia just
like the other routers.Put in the dns server given by the isp. I can ping
the gateway and outside world only by ip. I can go to sites if I type in the
ip address. Put in a url and it can't go. Changed dns to the gateway and to
the trust side ip still the same. Now if the same settings work in the other
routers why is this having an issue resolving correctly.
Internet > DSL modem > switch> 3 routers. (belkin. netgear.work fine)(NS not
resolving addresses.)
Policy on outgoing is set to any just like it was before. Any ideas or help
is appreciated.
"Mousemen" wrote in message
news:EbadnWvVsPIz4ffYnZ2dnUVZ_qWdnZ2d@comcast.com...
> Ok. Everything was setup right from what I could tell. From what I could
> tell I had to change the bandwidth on the trust interface from 0 to
> something.I matched the untrust and trust with 1024 and it works.I was
> able to ping but unable to move traffic thru the web browser, Now I have
> to get help on the vpn setup.I dont know if this is possible but I would
> like to setup a group and then just add users as I need or take away.I am
> essentially trying to learn this and a cisco pix501 to be able to set them
> up and have multiple sites connected together.
>
>
> "Doug McIntyre" wrote in message
> news:4569c07e$0$41738$892e0abb@auth.newsreader.octanews.com...
>> "Mousemen" writes:
>>>Its down as I took it of the network temporarily until I can get someone
>>>to
>>>help me with it. I just pulled up the settings from that to see if I
>>>messed
>>>up the trust ip's/. Not sure if I got the manage ip, trust ip and gateway
>>>correct. When its connected to the cable modem it will pull an ip from
>>>that.I'll hook up my laptop to it and it will get an ip.I can use the
>>>webgui
>>>to get to the management screens buts as far as it will let me get. Can't
>>>get out to the internet with it. Do I need to setup the bandwidth useage
>>>(how if so?) or any other policies. I have had it reset to default. I
>>>connected the terminal cable to it to only pull the settings on the trust
>>>side incase someone notices something there.
>>
>> Okay, there wasn't enough config/status posted in your first message
>> to determine if something was right or wrong or what the problem was,
>> other than you were showing the interface as down.
>>
>> Otherwise, the bit you posted looked okay.
>>
>> First steps to troubleshoot your problem.
>>
>> Make sure you can ping outwards from the firewall and get to your
>> next-hop gateway.
>>
>> Make sure that you have a default static route installed.
>>
>> Make sure that you have a policy from Trust->Untrust allowing
>> All-All-Any.
>> (not every network wants this policy, but it is a default policy, and
>> lets outbound traffic get out).
>>
>> If you are doing NAT (IIRC, you were), make sure the default any
>> outbound policy has the NAT flag checked.
>>
>>
>> You do NOT need to worry about bandwidth setup, or logging or usage at
>> this point. Your basic setup is to put the IPs on the interfaces,
>> setup the default route, and check on your policies. The policies and
>> interfaces are what you need to worry about starting out.
>>
>>
>
>
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)
|
