FW1 is doing a source-based NAT and I can ping from FW2 any DNS, even Google.
On 1/3/2010 3:10 PM, Barny Sanchez wrote:
1) Can you verify that you can ping from FW2 to 4.2.2.2? If it works, then you probably have DNS misconfigured.
2) If the previous doesn't work, can you verify that you have correct routing in place and also that FW1 has a proper policy in place? You can start by testing with an any-to-any policy.

These are the bare minimum things to check, but there are other problems to consider, such as:
1) NAT misconfiguration.
2) Routing misconfiguration.
3) Without knowing anything more about your environment, it could be a vsys problem (high-end firewalls).
4) VPNs involved?

Thanks,
Barny Sanchez | Consulting Engineer - Security Systems | Juniper Networks

On Mar 1, 2010, at 7:04 AM, SunnyDay wrote:

Hello,

I have 2 NetScreen firewalls connected one behind the other.

          eth0     eth1       eth3
internet<-------FW1<---------->FW2

My problem is that FW2, from the CLI, is not able to do name resolution, e.g.: ping www.google.com. FW1 is able to ping www.google.com.

On FW2 I configured open DNS with source interface eth3, with no luck.

Any ideas?

Regards

_______________________________________________
juniper-nsp mailing list
juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp