Options
Passing traffic to a non-cosco firewall over VPN
I've got a Cisco router with several subinterfaces running. There are 2 interfaces. G0/0 is a trunk link to a switch, and G0/1 is a connection to the internet.
There is a Watchguard firewall connected to the switch (the same one the router is connected to).
The firewall has a VPN established with another site. From that other site, hosts can access our servers. From our site, we are unable to access any of their hosts.
192.168.2.0/24-RemoteFirewall
OurFirewall-192.168.1.2->---switch---<-192.168.1.1-Router
I have a single static route setup for this remote site which points at our firewall. (ip route 192.168.2.0 255.255.255.0 192.168.1.2).
Is there something I'm missing? My router is the DFG for all subnets on our network, so if anyone is attempting to access the remote network, it will hit our router, which should point it at the firewall. I know that the firewall has routes to all subnets on our end.
There is a Watchguard firewall connected to the switch (the same one the router is connected to).
The firewall has a VPN established with another site. From that other site, hosts can access our servers. From our site, we are unable to access any of their hosts.
192.168.2.0/24-RemoteFirewall
OurFirewall-192.168.1.2->---switch---<-192.168.1.1-Router
I have a single static route setup for this remote site which points at our firewall. (ip route 192.168.2.0 255.255.255.0 192.168.1.2).
Is there something I'm missing? My router is the DFG for all subnets on our network, so if anyone is attempting to access the remote network, it will hit our router, which should point it at the firewall. I know that the firewall has routes to all subnets on our end.
_______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801
Comments
-
Options
shednik
Member Posts: 2,005
Does the other end have a route back to 192.168.1.0/24? Looks like you have a route to get there but not to get back. -
Options
mzinz
Member Posts: 328
Does the other end have a route back to 192.168.1.0/24? Looks like you have a route to get there but not to get back.
It does, yes. That's the first thing that crossed my mind also._______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801 -
OptionsNeeko
Member Posts: 170
Since the servers on the 192.168.1.0 network can be accessed from the remote site, you can assume all the correct routing statements are present at both sites.
It may be worth checking to see if there are any VPN access restrictions on the remote firewall. -
Optionsmzinz
Member Posts: 328
jason_lunde wrote: »Do you have any NAT running?
Hmm good point. I'll look into this and access restrictions._______LAB________
2x 2950
2x 3550
2x 2650XM
2x 3640
1x 2801