Thanks for all the responses. I guess I should have figured a product like this would have been designed to account for a situation like this. After an entire week of pounding my head against the wall trying to fix this issue, and then finding that checking a checkbox on a couple of tunnels corrects it... *Sigh*
To recap the answer given (and what appears to be working for me now): Firewall 1 is left alone with its original configuration. I've got a router attached to the PSN interface on Firewall 2 routing traffic to the switch that the servers and the PSN interface on Firewall 1 are attached to. Both firewalls have static routes pointing at each other. Then, go into Firewall 2, set up the aliases/filters/tunnels as normal. The important difference is that the tunnels on Firewall 2 have had the 'Hide Source' option check-marked. Voila!

I understand how that works now. Firewall 2 strips off all the source IP information from the packets. When it communicates to the server, it shows up as the original source IP. When the server sends the response back out, it goes to its default gateway (Firewall 1). The firewall sees the header info and says 'Ahh, 10.0.1.1 sent this packet... My static route table says to go over here [the router between the PSNs].' The in-between router doesn't have a lot of smarts programmed into it. It pretty much is set up only to route traffic between 10.0.0.0/24 and 10.0.1.0/24. Firewall 2 then receives the info, and I assume at that point it re-attaches the header it stripped off and sends the packet on its merry way up its own default gateway (ISP2's router).

I guess I really, really need to read my GB manual thoroughly. I've been using this product for a long time, and apparently still have a lot to learn.

Thanks again for everybody's help!

Christopher
