
I have 5 vlans.

vlan 1 hosts the website with public ip 67.x.x.x. Hosts are in domain1

vlan 2-4 are able to access the website via the domain name, which resolves to the external ip 67.x.x.x. Hosts are all in domain2, domain3, domain4.

vlan 5 has 4 hosts: 1 Domain Controller, 1 Remote Desktop Gateway, and the rest are miscellaneous, all joined to an AD domain domain5.

The strange part: vlan 5 hosts are unable to access the website hosted on vlan1 EXCEPT the RDG host. The RDG host is able to access it.


I've checked firewall rules and disabled the firewall on both the vlan1 website host and the client in vlan5.

I've attempted to move vlan5 client into vlan1 and changed the gateway and dns. Still no luck.

I've edited the hosts file, attempting to manually map the domain name to the local IP of the vlan1 web host. That only worked after clearing the DNS cache 5 times.

So, why is the RDG gateway able to access the site normally without edits to the hosts file, and every other one inside the same domain as RDG is not (without editing hosts file)? Any clues?

Darius

1 Answer


I think one would need to know a lot more about the configuration of this setup before definitive answers could be offered. Are all of the hosts on the same switch? Does the RDG have an external IP? Is the RDG configured to use a different DNS server than the other VLAN 5 servers? Does the website server have an internal IP address that is translated (NAT) by a firewall or other appliance? If you ping the website URL from a VLAN 5 server, do you get a different IP address than you do from the RDG?

Most likely the network path between the RDG and the website is different from the other servers on VLAN 5. Trace through the network path from two distinct servers and see if you can see a relevant difference.

  • All hosts use the same switch, RDG has an external IP, RDG uses the same DNS as the other vlan5 servers. The website has an internal IP + external and DNS finds the external IP. When I ping I always get the correct external IP on all hosts (including ones that don't work). The one interesting thing I found with "TRACERT site.tld" is that it stops at the gateway hop on all hosts. So it's being internally redirected? Same with the working hosts. Thank you Prof. Edit: Hosts that don't have a dedicated public IP (they're shared) can still connect. So RDG having one shouldn't make a difference I hope. – Darius Feb 04 '20 at 19:10
  • A stop at the gateway suggests that there could be a routing problem on the way back. Have you traced the route from the public server back to the internal server? If there is a NAT, that won't work well, but the return route could be the issue. – Prof Von Lemongargle Feb 05 '20 at 20:53
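The answer's advice is to run the same checks from a working host (the RDG) and a failing host and compare. The script below is an added example, not code from the thread: it records what the local resolver returns for the site name, then probes TCP 443 on the public address and on the web host's internal address, and classifies the result as working hairpin NAT, missing hairpin NAT, split DNS, or service down. The internal address 10.0.1.10 and port 443 are assumptions; the thread only gives "site.tld" and "67.x.x.x".

```python
"""Hairpin-NAT / split-DNS diagnostic to run from two hosts and compare.

Assumptions (not stated in the thread): the web host listens on TCP 443 on
both its internal address and its NAT'd public address, and the internal
address is known to whoever runs the check.
"""
import socket
from typing import Callable

SITE = "site.tld"               # name used in the thread's TRACERT
INTERNAL_IP = "10.0.1.10"       # assumed internal address of the vlan1 web host
PORT = 443                      # assumed service port


def resolve(name: str) -> set[str]:
    """IPv4 addresses the local resolver (hosts file, DNS cache, DNS) returns."""
    return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}


def tcp_open(ip: str, port: int, timeout: float = 3.0) -> bool:
    """True if a TCP handshake to ip:port completes within timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def classify(resolved: set[str], internal_ip: str,
             probe: Callable[[str, int], bool], port: int = PORT) -> str:
    """Explain why a name resolving to the public address may fail from inside.

    probe is injected so the decision logic can be exercised without a network.
    """
    if internal_ip in resolved:
        return "split-dns: name already resolves to the internal address"
    external_ok = any(probe(ip, port) for ip in resolved)
    internal_ok = probe(internal_ip, port)
    if external_ok:
        return "ok: public address reachable from inside (hairpin NAT works)"
    if internal_ok:
        return "hairpin-nat-missing: internal address works, public address does not"
    return "service-down: neither address accepts connections on port %d" % port


if __name__ == "__main__":
    addrs = resolve(SITE)
    print(SITE, "->", sorted(addrs))
    print(classify(addrs, INTERNAL_IP, tcp_open))
```

Run it on the RDG and on a failing vlan5 host; a differing "->" line points at the resolver (hosts file or cached answer), a differing classification with the same resolved address points at the path or NAT between that host and the gateway.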