Symantec Privileged Access Management

  • 1.  URGENT - NIC Issue On PAM

    Posted Sep 13, 2018 09:49 AM

    Dear All,

     

    We are deploying PAM in our environment and ran into the issue below, please help.

     

    We have added a 2nd NIC to connect the Appliance to Another Isolated Network and we did the below configuration

    a) Assigned IP to NIC and Netmask

    b) Trying to add additional route but getting attached error.

     

    Unable to Ping 2nd NIC.

    1st NIC is reachable via Ping.

     

    Let me know if you need more info.

     

    Thanks

    Yogesh



  • 2.  Re: URGENT - NIC Issue On PAM

    Broadcom Employee
    Posted Sep 13, 2018 09:58 AM

    Hi Yogesh, Please show us what you enter in the various fields on the "Add IPv4 Route" page.



  • 3.  Re: URGENT - NIC Issue On PAM

    Posted Sep 13, 2018 10:04 AM

    Below is the information, I have asked for a screenshot, will send you ASAP.

     

    Destination: Have entered the IP of 2nd NIC. (What should be the destination address ?)
    Netmask: Netmask for 2nd NIC
    Gateway: Gateway IP for 2nd NIC.
    Metric: Empty
    Device: GB2.

     

    Thanks

    Yogesh



  • 4.  Re: URGENT - NIC Issue On PAM
    Best Answer

    Broadcom Employee
    Posted Sep 13, 2018 10:39 AM

    Hi Yogesh, A route is a path to a remote destination. Using a local IP doesn't make sense. PAM adds network routes, not host routes. The IP has to be the first IP in the subnet defined by IP and mask.

     

    Examples:

    1. Route for traffic to single remote IP 10.11.12.13
      1. IP=10.11.12.13
      2. Netmask=255.255.255.255
    2. Route for IPs in the range 10.11.12.8-10.11.12.15.
      1. IP=10.11.12.8
      2. Netmask=255.255.255.248
    3. Route for IPs in the range 11.12.13.0-11.12.13.255
      1. IP=10.12.13.0
      2. Netmask=255.255.255.0
    4. Route for IPs in the range 12.13.0.0-12.13.255.255
      1. IP=12.13.0.0
      2. Netmask=255.255.0.0

     

    In all cases the gateway is the IP address of the gateway that PAM should connect to when trying to reach an IP within the defined route. Typically routes for a given interface like GB2 will have the same gateway.

    The interface selection determines which interface PAM will use for the outgoing connection.



  • 5.  Re: URGENT - NIC Issue On PAM

    Posted Sep 13, 2018 11:18 AM

    Hi Ralf,

    As you mentioned, the destination IP should be the first IP of the subnet.
    Is it the default gateway?
    We are providing the first IP of the subnet but it's not taking.

    Example.

    For NIC 2

    DG - x.y.168.1
    NIC2 IP - x.y.168.15

    We are trying to give the first IP as x.y.168.2; it's not working.
    Not sure, but it is taking x.y.168.0 (which is not an IP in the subnet).

    Let me know if you need more info.

     

     

    Let me also explain full scenario

     

    We have two networks A and B, where we have devices we want to reach.

     

    So, we are deploying PAM on Network A, which has two NICs (Default + 2nd NIC to connect to network B).

     

    Now, the NIC for A is working fine. For Network B we have added the 2nd NIC and assigned an IP and Netmask so we can reach network B.

     

    After PAM is powered on,

    In network settings, we have setting for GB1 working fine.

    For GB2, we are trying to add an additional route so that PAM can reach network B.

    This is not working.

    Hope this is clear.

    Thanks
    Yogesh

  • 6.  Re: URGENT - NIC Issue On PAM

    Broadcom Employee
    Posted Sep 13, 2018 12:57 PM

    Hi Yogesh, The IP you enter in the Destination field is not the address of a specific device, but the starting address of the range of IPs you want to be covered by the route rule. Say you want the outgoing connections to all IPs in the 10.10.10.X subnet to be routed through interface GB2. This is the address range from 10.10.10.0 to 10.10.10.255. It doesn't matter which addresses in this range actually are assigned to devices and which are not. This range of addresses is defined by the route:
    Address=10.10.10.0

    Netmask=255.255.255.0

     

    You can also check man pages like https://linux.die.net/man/8/route to understand the syntax for the "route add -net" command. Hope that helps.
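The rule stated in posts 4 and 6 (the Destination must be the first address of the subnet that Destination and Netmask describe, i.e. the network address, and the gateway must be reachable on the chosen interface) is easy to check before typing values into the "Add IPv4 Route" page. The following script is an added example written for this thread, not PAM code or Broadcom's tooling; it uses only the Python standard library. The interface address 10.20.168.15 and gateway 10.20.168.1 are constructed stand-ins for the redacted x.y.168.x values, and the `route add -net` string it builds follows the syntax from the man page linked above.

```python
import ipaddress


def describe_route(destination: str, netmask: str) -> dict:
    """Work out what a Destination/Netmask pair actually covers.

    A network route is only accepted when `destination` is the first address
    of the subnet (no host bits set). Returns the network address PAM would
    expect plus the covered range, so a wrong entry can be corrected.
    """
    # strict=False lets us parse an address with host bits set so we can report
    # what the caller probably meant; a non-contiguous mask raises ValueError.
    net = ipaddress.ip_network(f"{destination}/{netmask}", strict=False)
    is_network_address = ipaddress.ip_address(destination) == net.network_address
    return {
        "valid": is_network_address,
        "network": str(net.network_address),
        "prefix": net.prefixlen,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),   # same as first for a /32 host route
    }


def gateway_on_link(gateway: str, interface_ip: str, interface_mask: str) -> bool:
    """True if the gateway sits in the interface's own subnet.

    The gateway of a route must be directly reachable through the selected
    device; a gateway outside that subnet can never be used.
    """
    iface_net = ipaddress.ip_network(f"{interface_ip}/{interface_mask}", strict=False)
    return ipaddress.ip_address(gateway) in iface_net


def route_command(destination: str, netmask: str, gateway: str, device: str) -> str:
    """Render the equivalent `route add -net` command (syntax per route(8)).

    Raises ValueError instead of producing a command for an invalid destination.
    """
    info = describe_route(destination, netmask)
    if not info["valid"]:
        raise ValueError(
            f"{destination} has host bits set for mask {netmask}; "
            f"use {info['network']} (covers {info['first']}-{info['last']})"
        )
    return f"route add -net {destination} netmask {netmask} gw {gateway} dev {device}"


if __name__ == "__main__":
    # Constructed values standing in for the thread's redacted x.y.168.x addresses.
    nic2_ip, nic2_mask, nic2_gw = "10.20.168.15", "255.255.255.0", "10.20.168.1"

    # The entry from post 5 that PAM refused: .2 is a host inside the /24, not its first address.
    print(describe_route("10.20.168.2", nic2_mask))
    # The entry PAM accepted instead: .0 is the network address of that /24.
    print(describe_route("10.20.168.0", nic2_mask))

    # The worked examples from post 4: a /32 host route and a /29 block.
    print(describe_route("10.11.12.13", "255.255.255.255"))
    print(describe_route("10.11.12.8", "255.255.255.248"))

    print("gateway on link:", gateway_on_link(nic2_gw, nic2_ip, nic2_mask))
    print(route_command("10.10.10.0", "255.255.255.0", nic2_gw, "GB2"))
```

`describe_route` reports why an entry like x.y.168.2 is rejected (host bits set) and which address PAM wants instead, which matches the behaviour described in post 5 where only x.y.168.0 was accepted. `gateway_on_link` is the extra check a practitioner usually wants: the Gateway field must be an address in the subnet configured on the device selected for the route, otherwise the route can be entered but never carries traffic.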