PA220 routing issue

VinceChan — Fri, 03 Aug 2018 00:30:34 GMT

I have three PA220s, let's call them

PA220-A

PA220-B

PA220-C

They are connected in the following manner:

PA220-A ---- PA220-B ----- PA220-C

All three have an Inside and Outside Interface. All the Outside interfaces are connected via a Layer2 network. My IP addressing, let's say it's the following:

PA220-A - Outisde - 172.16.10.1

PA220-A - Inside 192.168.0.0/24 (192.168.0.1/24)

PA220-B - Outside - 172.16.10.2

PA220-B - Inside - 192.168.1.0/24 (192.168.1.1/24)

PA220-C - Outside - 192.168.1.0/24 (192.168.1.2/24)

PA220-C - Inside - 192.168.2.0/24 (192.168.2.1/24)

When I'm pinging from the outside interface of PA220-C, I can traverse the entire network into PA220-A, and vice versa. But when I try to ping from PA220-C inside network, I get a timeout. But I can ping between the Inside and Outside interface of PA220-C. I belive it's a routing issue, but I'm banging my head against the wall trying to figure this one out.

If anyone has any suggestions on areas to look at, that would be helpful.

It's also noted that I have deleted all firewall rules on all three PA220, just to test connectivity first. I have also changed the default rules to allow all traffic regardless.

Re: PA220 routing issue

OtakarKlier — Fri, 03 Aug 2018 15:33:59 GMT

Hello,

Make sure you are allowing ping via the management profile for hte interfce and allowing ping via the policies. The traffic logs should tell you where they are getting blocked.

Regards,

Re: PA220 routing issue

VinceChan — Fri, 10 Aug 2018 15:31:13 GMT

After stepping away from the issue for a day, I was able to to logically map out my issue. The problem was I didn't have a route back from PA220-B to PA220-C. I had routes that would get me to PA220-A and PA220-B.

Thanks

topic PA220 routing issue in General Topics

PA220 routing issue

Re: PA220 routing issue

Re: PA220 routing issue