[j-nsp] DNS

SunnyDay cscosunny at gmail.com
Tue Mar 2 02:13:29 EST 2010


FW1 is doing a source-based NAT and I can ping from FW2 any DNS, even Google.

On 1/3/2010 3:10 PM, Barny Sanchez wrote:
> 1) Can you verify that you can ping from FW2 to 4.2.2.2? If it works, then you probably have DNS misconfigured.
> 2) If the previous doesn't work, can you verify that you have correct routing in place and also that FW1 has a proper policy in place? You can start by testing with an any-to-any policy.
>
>
> These are the bare minimum things to check, but there are other problems to consider, such as:
> 1) NAT misconfiguration.
> 2) Routing misconfiguration.
> 3) Without knowing anything more about your environment, it could be a vsys problem (high-end firewalls).
> 4) VPNs involved?
>
> Thanks,
>
>
>
> Barny Sanchez | Consulting Engineer - Security Systems | Juniper Networks
>
>
>
>
> On Mar 1, 2010, at 7:04 AM, SunnyDay wrote:
>
> Hello
> I have 2 NetScreen firewalls connected one behind the other.
>                      eth0    eth1       eth3
> internet<-------FW1<---------->FW2
>
> My problem is that FW2 from the CLI is not able to do name resolution, e.g.:
> ping www.google.com. FW1 is able to ping www.google.com.
> I configured on FW2 open DNS with source interface eth3 with no luck. Any
> ideas?
>
> Regards
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp