cannot browse

Hi

Please help with this scenario.

The below setup works fine in terms of the LAN PCs being able to browse the
Web Server (and successfully ping the server, etc).

One day, there was some internet connectivity issue. So, ISP came to change
the modem (from Cisco to ZyXel P964). With the ZyXel in place, our LAN PCs
cannot browse the Web Server (and cannot ping); however, the LAN PCs can
access the internet to other sites ok.

Apparently, the issue seems to lie in the modem (to me). Please let me know
where the problem might be and how I can fix it.

Thanks
Steve


internet
|
Cisco Cable
Modem uBR900
/ \
/ \
SonicWall D-Link Firewall
| | | | |
LAN PCs Web Server

The Zexel is a Firewall with a 4 port built-in Switch on the LAN facing
side. what you now have it really this

> internet
> |
> Zexel Firewall
> x
> LAN facing Switch
> / \
> / \
> SonicWall D-Link Firewall
> | | | | |
> LAN PCs Web Server

If the Sonic Wall and the D-Link Firewall are not now using comaptible
TCP/IP settings on their External Sides and if the D-Link Firewall isn't
configured to "publish" (probably Static-NAT) the Webserver to the subnet
between it and the Zexel box,...it is not going to work.

If it were mine, I get rid of over half that equipment and it would look
like this....

internet
|
Firewall
| | | | |
LAN PCs & Web Server

If I wanted a Back-to-Back DMZ, it would look like this:

internet
|
Outer Firewall
|
<DMZ>
|
Inner Firewall
| | | | |
LAN PCs & Web Server

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

As for the Cisco vs. Zyxel, I was thinking there must be something different
in the Zyxel that I could change so that it works the same way as the Cisco.

Anyway, thank you for the reconfiguration of LAN/Firewall setup. I will
definitely consider that.

Steve

"Phillip Windell" <@.> wrote in message
news:urxu%(E-Mail Removed)...
> The Zexel is a Firewall with a 4 port built-in Switch on the LAN facing
> side. what you now have it really this
>
>> internet
>> |
>> Zexel Firewall
>> x
>> LAN facing Switch
>> / \
>> / \
>> SonicWall D-Link Firewall
>> | | | | |
>> LAN PCs Web Server
>
> If the Sonic Wall and the D-Link Firewall are not now using comaptible
> TCP/IP settings on their External Sides and if the D-Link Firewall isn't
> configured to "publish" (probably Static-NAT) the Webserver to the subnet
> between it and the Zexel box,...it is not going to work.
>
> If it were mine, I get rid of over half that equipment and it would look
> like this....
>
> internet
> |
> Firewall
> | | | | |
> LAN PCs & Web Server
>
> If I wanted a Back-to-Back DMZ, it would look like this:
>
> internet
> |
> Outer Firewall
> |
> <DMZ>
> |
> Inner Firewall
> | | | | |
> LAN PCs & Web Server
>
> --
> Phillip Windell [MCP, MVP, CCNA]
> www.wandtv.com
> -----------------------------------------------------
> Understanding the ISA 2004 Access Rule Processing
> http://www.isaserver.org/articles/IS...cessRules.html
>
> Microsoft Internet Security & Acceleration Server: Guidance
> http://www.microsoft.com/isaserver/t...dance/2004.asp
> http://www.microsoft.com/isaserver/t...dance/2000.asp
>
> Microsoft Internet Security & Acceleration Server: Partners
> http://www.microsoft.com/isaserver/partners/default.asp
> -----------------------------------------------------
>
>
>