What could be causing this problem?

You have created your tunnel interface in the Untrust zone. Traffic from the Trust zone is able to enter the tunnel and pass to the destination. However, traffic from a different interface in the Untrust zone is not able to pass through the tunnel. You are using a single virtual router. What could be causing this problem?

A. Two virtual routers need to be configured

B. A policy is needed since intra-zone blocking is on by default in the Untrust zone.

C. The tunnel is configured with a proxy id that does not include the address from the Untrust interface.

D. The routing tables are not correctly configured to allow the traffic from the Untrust source to be delivered to the destination.

Explanation:
To control traffic that traverses the same zone, a zone-level option is available: "Block Intra-zone Traffic". This option can be set through the WebUI or the CLI.
WebUI: select Network -> Zones -> Edit <select zone>
CLI: set zone <zone name> block
This is an "All or Nothing" feature that is disabled by default on all zones in the Trust-VR, except for the Untrust zone (where it is enabled by default). When the option is set or the check box is selected, all traffic between interfaces within the specified zone will be blocked. This holds true EXCEPT when there is an intra-zone policy configured. Intra-zone policies will take precedence over, or override, the zone blocking setting.


