Routing between 2 single ips across VLANs

So I’m stumped… I have a “main” trusted bridge (on ports 1 and 2) for our main network with a 10.0.0.0 range, and the DC is on 10.0.0.10. I have a trusted interface with a VLAN with range 192.168.50.0. The only thing on that network is a File Transfer Server on 192.168.50.10. I have it configured and working so that all 10.0.0.X devices can see and use the MFT over HTTPS, and so that the MFT cannot see the 10.0.0.0 network. Now I need to allow the MFT to use AD for creating and managing accounts. Basically, I need a path between 192.168.50.10 and 10.0.0.10. I’ve tried going all the way to an Any rule, but can’t get the MFT to see the domain. I can ping between the two IPs, however… ugh. Any suggestions welcome!

Answers

  • @pkirill,

    Enable logging on the any-any policy between your Trusted 10.x network and the VLAN 192.x network, then have your MFT try to connect to your DC and monitor the traffic. Do you see any allowed traffic on ports 135, 389, 445, 464 that the MFT would use to query the AD server?
    If so, then I would look at the authentication method the MFT is using to query your AD server.
    If you see the traffic being denied, I would revisit the any-any policy and make sure things are pointing in the right direction.
    If you don't see any traffic I would look at the MFT's configuration and make sure it's pointing to your DC.

    Doug

    It's usually something simple.
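The triage Doug describes can be scripted once the policy logs are exported. The following is an added example (not part of Doug's answer or the original thread): it assumes a generic key=value log export and uses constructed sample lines, the two IPs from the question, and the four AD ports from the answer, and maps what it finds onto the three cases Doug lists.

```python
import re
from collections import defaultdict

# AD-related ports named in the answer, with the service each normally carries.
AD_PORTS = {135: "RPC endpoint mapper", 389: "LDAP", 445: "SMB", 464: "Kerberos kpasswd"}
MFT_IP, DC_IP = "192.168.50.10", "10.0.0.10"

# Constructed sample log lines in an assumed key=value export format (not real logs).
SAMPLE_LOG = """\
2024-05-01T09:00:01 action=allow src=192.168.50.10 dst=10.0.0.10 proto=tcp dport=389
2024-05-01T09:00:01 action=allow src=192.168.50.10 dst=10.0.0.10 proto=udp dport=53
2024-05-01T09:00:02 action=deny src=192.168.50.10 dst=10.0.0.10 proto=tcp dport=445
2024-05-01T09:00:02 action=deny src=192.168.50.10 dst=10.0.0.10 proto=tcp dport=135
2024-05-01T09:00:03 action=allow src=10.0.0.25 dst=192.168.50.10 proto=tcp dport=443
"""

KV = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn one key=value log line into a dict (timestamp is ignored)."""
    return {k: v for k, v in KV.findall(line)}

def triage(log_text, src=MFT_IP, dst=DC_IP):
    """Per AD port, collect whether src->dst traffic was allowed or denied,
    then map the result onto the three cases in the answer above."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse(line)
        if rec.get("src") != src or rec.get("dst") != dst:
            continue  # only the MFT -> DC direction matters here
        if not rec.get("dport", "").isdigit():
            continue
        port = int(rec["dport"])
        if port in AD_PORTS:
            seen[port].add(rec.get("action", "?"))
    if not seen:
        verdict = "no AD traffic seen: check the MFT's DC/AD settings"
    elif any("deny" in actions for actions in seen.values()):
        denied = sorted(p for p, actions in seen.items() if "deny" in actions)
        verdict = f"denied on {denied}: revisit the policy direction and ports"
    else:
        verdict = "all AD ports allowed: look at the MFT's authentication method"
    return {p: sorted(seen[p]) for p in sorted(seen)}, verdict

if __name__ == "__main__":
    ports, verdict = triage(SAMPLE_LOG)
    for p, actions in ports.items():
        print(f"{p:>5} {AD_PORTS[p]:<22} {','.join(actions)}")
    print(verdict)
```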
