Channel: Management and Reporting - Recent Threads

2 SonicWalls on the same subnet: strange behavior


So, I have 2 SonicWalls in our data center. We have a block of 30 IP addresses we can use.

For the sake of simplicity, we can use 10.0.0.2-10.0.0.31 with a gateway of 10.0.0.1.

SonicWall 1 is configured as such:

WAN - 10.0.0.2

Subnet 255.255.255.224

Gateway 10.0.0.1

There are various servers behind this SonicWall that are using other IP addresses in our range.

So 10.0.0.3-10.0.0.15 are sitting behind this SonicWall.

SonicWall 2 is configured:

WAN IP 10.0.0.25

Subnet 255.255.255.224

Gateway 10.0.0.1

All of the servers behind this firewall need to communicate with one of the servers behind the first SonicWall.

The public IP of the server they need to communicate with is 10.0.0.5.

I can ping SonicWall 2's public IP from a server behind SonicWall 1.

If I do a traceroute from a server behind SW1 to SW2's public IP address, it takes 1 hop.

I cannot ping the public IP of 10.0.0.5 on SW1 from a server behind SW2. I also cannot traceroute from a server behind SW2 to the public IP on SW1.

I can ping and traceroute all of the public IPs from outside the network.

SW1 can ping SW2 directly from the Diagnostics interface.

SW2 cannot ping SW1 from the Diagnostics interface.

There are no custom routes set up, and no custom firewall rules other than the ones needed to allow traffic from the internet through to the servers. It makes no sense to me that traffic works perfectly from SW1 to SW2 but not the other way around. Obviously, if devices behind SW1 can ping SW2, then SW1 knows how to get to SW2 and SW2 knows how to get back. So it stands to reason, for me at least, that SW2 should know how to get to SW1, since I have already established it can, and that SW1 can get back to SW2. Again, I have already established they know the routes, since ping works one way.

Any suggestions? I've tried adding an explicit route, and adding firewall rules to allow all traffic in and out from both IP addresses on both sides. I even tried turning on RIP on the WAN interfaces.

