Passing traffic to a non-cosco firewall over VPN

I've got a Cisco router with several subinterfaces running. There are 2 interfaces. G0/0 is a trunk link to a switch, and G0/1 is a connection to the internet.

There is a Watchguard firewall connected to the switch (the same one the router is connected to).

The firewall has a VPN established with another site. From that other site, hosts can access our servers. From our site, we are unable to access any of their hosts.

192.168.2.0/24-RemoteFirewall

OurFirewall-192.168.1.2->---switch---<-192.168.1.1-Router

I have a single static route setup for this remote site which points at our firewall. (ip route 192.168.2.0 255.255.255.0 192.168.1.2).

Is there something I'm missing? My router is the DFG for all subnets on our network, so if anyone is attempting to access the remote network, it will hit our router, which should point it at the firewall. I know that the firewall has routes to all subnets on our end.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

shednik

Does the other end have a route back to 192.168.1.0/24? Looks like you have a route to get there but not to get back.

mzinz

shednik wrote: »

Does the other end have a route back to 192.168.1.0/24? Looks like you have a route to get there but not to get back.

It does, yes. That's the first thing that crossed my mind also.

Neeko

Since the servers on the 192.168.1.0 network can be accessed from the remote site, you can assume all the correct routing statements are present at both sites.

It may be worth checking to see if there are any VPN access restrictions on the remote firewall.

jason_lunde

Do you have any NAT running?

mzinz

jason_lunde wrote: »

Do you have any NAT running?

Hmm good point. I'll look into this and access restrictions.