Cloud Managed Networks

 View Only
last person joined: yesterday 

Forum to discuss all things Aruba Central and UXI Network Management, this includes Aruba Central managed networks, Central configuration, best practices, Central APIs, Cloud Guest, AIOps, Presence Analytics and Other Central Applications
Expand all | Collapse all

The WAN Uplink IP address cannot be pingged

This thread has been viewed 31 times
  • 1.  The WAN Uplink IP address cannot be pingged

    Posted Mar 15, 2022 10:36 AM
    Hi, 
    I have configured VLAN 4094 for the uplink port (G0/0/3) and after ztp I changed the IP assignment from DHCP to static and added the IP address and subnet for the uplink. before this, however, I configured the default gateway address under static default gateway in the routing section. I can ping any address on the internet but from the internet, I cannot ping the uplink IP address. I checked WLAN policies and ICMP is allowed by default (sys-sv-icmp permitted from any source address).

    Do you have any idea how to fix this issue?

    ------------------------------
    Esmail Ayobinia
    ------------------------------


  • 2.  RE: The WAN Uplink IP address cannot be pingged

    EMPLOYEE
    Posted Mar 15, 2022 07:11 PM
    if you are referring to Aruba branch gateways, there is a DNAT on the INET facing uplinks
    so generally you should not be able to ping the Internet IP address of a branch gateway unless you specifically allow it.

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 3.  RE: The WAN Uplink IP address cannot be pingged

    Posted Mar 15, 2022 11:40 PM
    Hi, 
    Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


    ------------------------------
    Esmail Ayobinia
    ------------------------------


  • 4.  RE: The WAN Uplink IP address cannot be pingged

    EMPLOYEE
    Posted Mar 16, 2022 01:53 AM
    is there a Firewall in front of the VPNC that is Internet facing?

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 5.  RE: The WAN Uplink IP address cannot be pingged

    Posted Mar 16, 2022 01:56 AM
    no, it is directly connected to the internet, no devices in between.

    ------------------------------
    Esmail Ayobinia
    ------------------------------



  • 6.  RE: The WAN Uplink IP address cannot be pingged

    EMPLOYEE
    Posted Mar 16, 2022 02:11 AM
    then i suggest to have an internal RFC1918 IP address for another interface and then do a 1:1 static NAT

    ------------------------------
    Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
    ------------------------------



  • 7.  RE: The WAN Uplink IP address cannot be pingged

    Posted Mar 16, 2022 02:38 AM
    so, do I need to change the VLAN 4094 IP address from the public to an RFC1918 IP address and then do a 1:1 static NAT? Or do you know any instructions on how to do it?



    ------------------------------
    Esmail Ayobinia
    ------------------------------



  • 8.  RE: The WAN Uplink IP address cannot be pingged

    Posted Mar 16, 2022 12:00 PM
    I changed the VLAN 4094 IP address from the public to an RFC1918 IP address (10.10.10.10)  and then did a 1:1 static NAT. But it didn't work. Using the command line I can see that WAN port 3 is up, but in the device overview, it looks to be down.



    ------------------------------
    Esmail Ayobinia
    ------------------------------