04-07-2010 10:14 PM - edited 03-11-2019 10:30 AM
I need to make a this VPN on my firewall (outside interface of my firewall is the gateway)
IP distant Endpoint - Ip distant Gateway)---(My Router-My firewall-Ip of my server wish is the my endpoint.
My router has very simple config: it is 2 ports, one port on the internet, another one also with real IP, connected to the firewall. basically there is a default route that forward all the packets to the next hop on the internet (the provider gateway)
i possess 5 ethernet interfaces on my firewall, 3 of them are working: (1 outside with real IP), (1 inside with local ips (PAT) )and (1 intf3 with my second range of real IPs wish i created just for my VPN). I possess 2 ranges of real ips of 6 real ips each.
outside security: 0, inside 100, intf3 6
I already have 1 VPN established between one host on my inside interface and a distant host.
My first problem is that i can't access internet using hosts related to intf3.I don't understand why. The Ips on intf3 are all reals. on the firewall there is default route to my router. on the router a default route to my provider... The internet works fine for my natted interface.
Do i need to use natting to make connection to the outside ?! I mean firewall can be used to isolate networks.
If anyone intersted in helping me, i could provide my config in private.
Thanks
Solved! Go to Solution.
04-08-2010 02:07 AM
Please share config.
Assuming you do not have NAT statement on intf3, make sure that you disable nat-control: no nat-control.
That should allow intf3 with public ip to reach the Internet.
04-08-2010 03:17 AM
Thanks, emailed you the solution. Let us know if that resolves the issue.
04-08-2010 02:07 AM
Please share config.
Assuming you do not have NAT statement on intf3, make sure that you disable nat-control: no nat-control.
That should allow intf3 with public ip to reach the Internet.
04-08-2010 02:32 AM
Sorry I can't share my config in public, but i sent it to you in private.
I need urgent help, i am not pro in firewall (not even beginner ) but my config seems logical to me.there should be internet access.
Thanks
04-08-2010 03:17 AM
Thanks, emailed you the solution. Let us know if that resolves the issue.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide