This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

routing problem to dmz of second firewall

hello everybody,

i have to solve the following problem:

in our environment we have two firewalls which are connected to an internal lan (192.168.0.0/255.255.252.0). over fw1 (192.168.3.20) we get a roadwarrior connection (vpn) to the internal lan. the roadwarrior clients use the ip adress range 10.171.131.0/255.255.255.0.
the second firewall, fw2, has a DMZ (192.168.12.48/255.255.255.248) and we want to reach systems there over special services (i. e. remote desktop client).

we have already tried different routing rules on the fw1:

- static routing
- policy based routing
- to add a route manually at the connected client

can anybody help me please?

thanks
toette

This thread was automatically locked due to age.

Parents

0 ClausP over 19 years ago

Does fw2 know how to reach 10.171.131.0/255.255.255.0 ? Any route to fw1 ?
Cancel
Vote Up 0 Vote Down

Cancel
0 toette over 19 years ago in reply to ClausP

hello claus,

first thanks for the quick answer. on fw2 exists the following static route:

network: IPSecPool1fw1
target: >

but it isn´t possible to ping the virtual vpn ip.

toette
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 19 years ago in reply to toette

[ QUOTE ]

network: IPSecPool1fw1
target: >

[/ QUOTE ]

> of fw1 or fw2 ? Should be fw1..

Or points the def. gateway from fw2 to fw1 ?
Cancel
Vote Up 0 Vote Down

Cancel
0 toette over 19 years ago in reply to ClausP

which gateway setting do you mean exactly on fw2?

only the external interface has a gateway pointing to the router of our internet service provider
the ohters have the gateway setting "none"

or do you mean something different?
Cancel
Vote Up 0 Vote Down

Cancel
0 toette over 19 years ago in reply to toette

sorry, i forgot one information

i mean interface internal of fw2
Cancel
Vote Up 0 Vote Down

Cancel
0 ClausP over 19 years ago in reply to toette

Okay, fw2 needs a static route for the network ( IPSecPool1fw1) to the interface of fw1 (in network 192.168.0.0/255.255.252.0).

fw1 needs a static route for the dmz-network to the interface of fw2 (in network 192.168.0.0/255.255.252.0).

If I did not misunderstood the description above...
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 ClausP over 19 years ago in reply to toette

Okay, fw2 needs a static route for the network ( IPSecPool1fw1) to the interface of fw1 (in network 192.168.0.0/255.255.252.0).

fw1 needs a static route for the dmz-network to the interface of fw2 (in network 192.168.0.0/255.255.252.0).

If I did not misunderstood the description above...
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data