Cloud Managed Networks

Hi, 
I have configured VLAN 4094 for the uplink port (G0/0/3) and after ztp I changed the IP assignment from DHCP to static and added the IP address and subnet for the uplink. before this, however, I configured the default gateway address under static default gateway in the routing section. I can ping any address on the internet but from the internet, I cannot ping the uplink IP address. I checked WLAN policies and ICMP is allowed by default (sys-sv-icmp permitted from any source address).

Do you have any idea how to fix this issue?

------------------------------
Esmail Ayobinia
------------------------------

if you are referring to Aruba branch gateways, there is a DNAT on the INET facing uplinks
so generally you should not be able to ping the Internet IP address of a branch gateway unless you specifically allow it.

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Mar 15, 2022 04:20 AM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
I have configured VLAN 4094 for the uplink port (G0/0/3) and after ztp I changed the IP assignment from DHCP to static and added the IP address and subnet for the uplink. before this, however, I configured the default gateway address under static default gateway in the routing section. I can ping any address on the internet but from the internet, I cannot ping the uplink IP address. I checked WLAN policies and ICMP is allowed by default (sys-sv-icmp permitted from any source address).

Do you have any idea how to fix this issue?

------------------------------
Esmail Ayobinia
------------------------------

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------

is there a Firewall in front of the VPNC that is Internet facing?

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Mar 15, 2022 11:39 PM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------

no, it is directly connected to the internet, no devices in between.

------------------------------
Esmail Ayobinia
------------------------------

Original Message:
Sent: Mar 16, 2022 01:53 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

is there a Firewall in front of the VPNC that is Internet facing?

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 15, 2022 11:39 PM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------

then i suggest to have an internal RFC1918 IP address for another interface and then do a 1:1 static NAT

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.
------------------------------

Original Message:
Sent: Mar 16, 2022 01:56 AM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

no, it is directly connected to the internet, no devices in between.

------------------------------
Esmail Ayobinia

Original Message:
Sent: Mar 16, 2022 01:53 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

is there a Firewall in front of the VPNC that is Internet facing?

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 15, 2022 11:39 PM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------

so, do I need to change the VLAN 4094 IP address from the public to an RFC1918 IP address and then do a 1:1 static NAT? Or do you know any instructions on how to do it?



------------------------------
Esmail Ayobinia
------------------------------

Original Message:
Sent: Mar 16, 2022 02:10 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

then i suggest to have an internal RFC1918 IP address for another interface and then do a 1:1 static NAT

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 16, 2022 01:56 AM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

no, it is directly connected to the internet, no devices in between.

------------------------------
Esmail Ayobinia

Original Message:
Sent: Mar 16, 2022 01:53 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

is there a Firewall in front of the VPNC that is Internet facing?

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 15, 2022 11:39 PM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------

I changed the VLAN 4094 IP address from the public to an RFC1918 IP address (10.10.10.10)  and then did a 1:1 static NAT. But it didn't work. Using the command line I can see that WAN port 3 is up, but in the device overview, it looks to be down.



------------------------------
Esmail Ayobinia
------------------------------

Original Message:
Sent: Mar 16, 2022 02:37 AM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

so, do I need to change the VLAN 4094 IP address from the public to an RFC1918 IP address and then do a 1:1 static NAT? Or do you know any instructions on how to do it?



------------------------------
Esmail Ayobinia

Original Message:
Sent: Mar 16, 2022 02:10 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

then i suggest to have an internal RFC1918 IP address for another interface and then do a 1:1 static NAT

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 16, 2022 01:56 AM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

no, it is directly connected to the internet, no devices in between.

------------------------------
Esmail Ayobinia

Original Message:
Sent: Mar 16, 2022 01:53 AM
From: Ariya Parsamanesh
Subject: The WAN Uplink IP address cannot be pingged

is there a Firewall in front of the VPNC that is Internet facing?

------------------------------
Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba.

Original Message:
Sent: Mar 15, 2022 11:39 PM
From: Esmail Ayobinia
Subject: The WAN Uplink IP address cannot be pingged

Hi, 
Thank you for your reply, actually, it is about VPNC uplink. for the  WAN uplink, I am using the same  IP (public) as private (configure for VLAN 4094) and the public as well, but still cannot ping it. Or probably I  should configure a private address and then configure a 1:1NAT translation on the gateway itself (Interface-> Pool Management->Static 1:1NAT)? 


------------------------------
Esmail Ayobinia
------------------------------