Dear All,
I have two Astaro v3.214 firewalls both with two interfaces each, one LAN and one Internet. The two ASL boxes are running a VPN with NET2NET static IP configuration and all works well.
Ping 192.168.6.x from 192.168.1.x and vice-versa and get a reply, all good. The problem is the 192.168.1.x is attached to a 192.168.2.x stub network and I would like to route from the 192.168.6.x network to the 192.168.2.x network and vice-versa.
I can place a static route from the 192.168.1.x ASL box to 192.168.2.x network and I can use the GUI to place a static route on the ASL box on the 192.168.6.x network to 192.168.2.x but it does not appear in the kernel route table. The router that joins the 192.168.2.x network to the 192.168.1.x network has a route set to the 192.168.1.x ASL box, you can succesfully trace from 192.168.2.x across the router to the 192.168.1.x ASL box.
I have tried putting a static route on the 192.168.6.x ASL box and it will take it providing the next hop is directly attached to the 192.168.6.x network. It appears the ASL boxes WILL NOT accept a static route across the VPN link.
Proof of this is received by entering the static route with GUI, seeing no entry in kernel route table and then tracing to the remote network. The trace goes straight out the default gateway, in this case straight out to the internet. Guess what? The next half dozen routers actually try and route the private IP address. Amazing! So can anybody tell me what's wrong because I am beat.
Regards PeterB.
This thread was automatically locked due to age.
