I was playing with additional address in Sophos and TMG. But i just don't understand how it works. Because Additional address seems to be bound to the default first WAN address.
I have a Cisco with 3 WAN ranges (example) that the 2 firewalls connect to
IP pack 1: 1.1.1.0/24
IP pack 2: 2.2.2.0/24
IP pack 3: 3.3.3.0/24
TMG WAN IP: 1.1.1.1/24
Additional address 2.2.2.1/24
Sophos WAN IP: 3.3.3.1/24
Additional address 2.2.2.2/24
With TMG i can access both 1.1.1.1/24 & 2.2.2.1/24 from the internet.
On the Sophos you can access 3.3.3.1/24 but can't connect to the Additional address 2.2.2.2/24
When you connect from the internet -> to 2.2.2.2, how does the cisco know how to forward the packets to the Sophos alternate address 2.2.2.2/24?
How do you troubleshoot routing to alternate address?
I have seen thread before where users don't see DNAT packets coming in on the alternate address when there are IP packs in multiple subnets. Question is why?
This thread was automatically locked due to age.
