Hello folks,

I am in the process of migrating to a new ISP and implementing a firewall solution for our corporate network. Although the new router and firewall have been installed and are in operation, I am having some problems rolling it out to everyone, more specifically to our remote clients, who must have consistent access to our production servers.

Following is the scenario:

Router1 connects to ISPa. It is running ACL and NAT. Remote clients access internal hosts on the NAT subnet based on ACL rules. Hosts on the private (NAT) subnet (x.x.x.0/255.255.255.0) use x.x.x.254 as their default gateway.

New addition to migrate to the new configuration: Router2 connects to ISPb via a serial int. The Ether int. connects to the untrusted int. on the firewall. I am running DMZ and Private using NAT on the firewall. The trusted int. on the firewall connects to the same private subnet as above (x.x.x.0/255.255.255.0) with gateway x.x.x.1. There are a few servers already using this default gateway.

In addition, I am implementing VPN tunnel connections from remote locations to the main corporate network. These tunnel connections are established by the trusted int. on each firewall, hence default gateway x.x.x.1, and for remote locations r.r.r.1.

Here are the problems: If I try to browse or access a host on the main network from a remote location via the VPN tunnel, I will only see or access those hosts with default gateway x.x.x.1, but not those hosts with default gateway x.x.x.254. Then for those remote clients I mentioned at the beginning, they can still do their work; however, they can neither view nor access those new hosts with default gateway x.x.x.1... but of course, you will say!!!! These remote clients will get a firewall, thus they will be able to VPN to our network through gateway x.x.x.1.
To be successful I would have to configure and set up all of these clients at the same time and change the default gateway on those hosts/servers to x.x.x.1, and all should work fine; however, I can foresee trouble trying to kill all the birds in one shot. If I could figure out a way to set a STATIC IP ROUTE (but I don't know where: router/firewall/remote firewall/VPN remote client) so that it can access hosts using gateway x.x.x.254, it would be ideal. Then I could roll one client at a time without affecting connectivity and productivity, especially for those clients coming through the ACL on Router1. They will be the ones I will roll one by one.

Sorry for the length of this problem, but your help or suggestions are needed, hopefully with some examples as to how to do it.

Thank you!!!

Juan
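A small routing model of the asymmetric reply path described in the post, added here as an illustration and not part of Juan's message. It assumes 192.0.2.0/24 and 198.51.100.0/24 as constructed stand-ins for x.x.x.0/24 and the remote site r.r.r.0/24, and it tries one placement of the static route (on Router1, pointing r.r.r.0/24 at x.x.x.1), which the post asks about but does not confirm.

```python
import ipaddress
from typing import List, Optional, Tuple

# Constructed addressing: documentation ranges stand in for the post's
# x.x.x.0/24 (main LAN) and r.r.r.0/24 (remote VPN site).
MAIN_LAN = ipaddress.ip_network("192.0.2.0/24")
REMOTE_LAN = ipaddress.ip_network("198.51.100.0/24")
ROUTER1_GW = ipaddress.ip_address("192.0.2.254")   # x.x.x.254, Router1 -> ISPa
FIREWALL_GW = ipaddress.ip_address("192.0.2.1")    # x.x.x.1, firewall trusted int.
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

# A route table is a list of (prefix, next-hop label) entries.
RouteTable = List[Tuple[ipaddress.IPv4Network, str]]


def lookup(table: RouteTable, dst: ipaddress.IPv4Address) -> Optional[str]:
    """Longest-prefix match, the way a router's forwarding table decides."""
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(host_gateway: ipaddress.IPv4Address,
               router1_table: RouteTable) -> List[str]:
    """Trace the reply from a main-LAN host back to a remote VPN client.

    The request arrived through the tunnel on the firewall's trusted
    interface; the reply follows the host's default gateway, not the
    path the request took.
    """
    dst = REMOTE_LAN[10]            # some client at the remote site
    hops = ["host"]
    if host_gateway == FIREWALL_GW:  # host already points at x.x.x.1
        return hops + ["firewall", "vpn-tunnel"]
    hops.append("router1")           # host still points at x.x.x.254
    next_hop = lookup(router1_table, dst)
    if next_hop == "firewall":       # static route hands it back to x.x.x.1
        hops += ["firewall", "vpn-tunnel"]
    elif next_hop == "ispa":         # default route: reply leaks to ISPa, lost
        hops.append("ispa")
    return hops


# Router1 today: connected LAN plus a default route to ISPa.
ROUTER1_BEFORE: RouteTable = [(MAIN_LAN, "connected"), (DEFAULT, "ispa")]
# Router1 with one static route: r.r.r.0/24 via x.x.x.1 (assumed placement).
ROUTER1_AFTER: RouteTable = ROUTER1_BEFORE + [(REMOTE_LAN, "firewall")]


def reaches_tunnel(path: List[str]) -> bool:
    return path[-1] == "vpn-tunnel"
```

The model covers only the VPN-tunnel direction and leaves out two details to check on real gear: Router1 will emit ICMP redirects when it forwards back out the interface it received on, and the firewall must accept the reply on its trusted interface, which stateful inspection normally allows because it saw the request arrive through the tunnel.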
