I hope you can help with this. I've attached a crudely drawn diagram which I hope will help.
Main office network: 10.0.135.0 /24
Client office network: 10.0.136.0 /24
Legacy network: 10.90.0.0 /16
Client VPN network: 10.136.128.0 /22
There are two issues that have me scratching my head.
Client Office Network has a core switch with an IP address of 10.0.136.1. All traffic goes out via the Checkpoint. Should the default gateway of this switch be the Checkpoint 10.0.135.6? Would I need static routes to solve the two issues above?
Any assistance would be gratefully appreciated.
I would say for your client network the core switch default would indeed be the Checkpoint; however, for your client VPN they should be routed via the VPN tunnel and not the Checkpoint next hop.
Is the VPN built between the ASA and the Checkpoint? What reachability do you have, and where do traceroutes stop? It is hard to pinpoint the issue without seeing the configs of your devices; can you post those?
Thank you everyone for your feedback so far.
I've attached a further (hopefully clearer) diagram. Please see Diagram 1a. This time, I've also added routes that I currently have configured on each device.
Routes on Vodafone router:
10.0.136.0 255.255.255.0 10.0.135.1
Routes on the Core switch:
10.0.136.0 255.255.255.0 10.0.135.6
10.136.0.0 255.255.0.0 10.0.135.6
Routes on Checkpoint:
220.127.116.11 192.168.19.11 255.255.255.255 UGHD 0 0 0 External
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 External
10.0.135.0 0.0.0.0 255.255.255.0 U 0 0 0 Internal
18.104.22.168 192.168.19.11 255.255.248.0 UGD 0 0 0 External
10.135.0.0 10.0.135.1 255.255.0.0 UGD 0 0 0 Internal
10.0.0.0 10.0.135.250 255.0.0.0 UGD 0 0 0 Internal
0.0.0.0 192.168.19.11 0.0.0.0 UGD 0 0 0 External
Users on 10.90.0.0 /16 are unable to access the 10.136.0.0 /16 network. Diagram 1b shows a traceroute from 10.90.0.0/16 to 10.136.128.1. It times out after hitting 10.0.135.1.
Access the other way works fine. Users on 10.136.0.0 /16 can access 10.90.0.0 /16 fine but the traceroute looks odd to me. It can be seen in Diagram 1c.
Would you be able to review the routes I currently have in place and confirm where I'm going wrong, please? I'd like to confirm that the routes I currently have in place are correct. Also, I would like assistance on what route I need to add on the Fortigate.
Many thanks in advance.
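As an added illustration (not part of the thread, and not anyone's device config), here is a small Python model of longest-prefix matching over the core switch and Checkpoint routing tables quoted above; it reports which route each table selects for a destination such as 10.136.128.1. It assumes only what the question states (10.0.135.6 is the Checkpoint) and stops the walk wherever the next hop's table is not in the post.

```python
import ipaddress

# Tables constructed from the routes quoted in the post (only the routes shown there).
CORE_SWITCH_ROUTES = """
10.0.136.0 255.255.255.0 10.0.135.6
10.136.0.0 255.255.0.0 10.0.135.6
"""
# netstat-style columns: dest gateway genmask flags metric ref use iface
CHECKPOINT_ROUTES = """
220.127.116.11 192.168.19.11 255.255.255.255 UGHD 0 0 0 External
192.168.19.0 0.0.0.0 255.255.255.0 U 0 0 0 External
10.0.135.0 0.0.0.0 255.255.255.0 U 0 0 0 Internal
18.104.22.168 192.168.19.11 255.255.248.0 UGD 0 0 0 External
10.135.0.0 10.0.135.1 255.255.0.0 UGD 0 0 0 Internal
10.0.0.0 10.0.135.250 255.0.0.0 UGD 0 0 0 Internal
0.0.0.0 192.168.19.11 0.0.0.0 UGD 0 0 0 External
"""

def parse_routes(text, dest=0, gateway=1, mask=2, iface=None):
    """One route per line -> (network, next hop or None if connected, iface)."""
    routes = []
    for line in text.strip().splitlines():
        f = line.split()
        net = ipaddress.ip_network(f"{f[dest]}/{f[mask]}", strict=False)
        gw = None if f[gateway] == "0.0.0.0" else f[gateway]
        routes.append((net, gw, f[iface] if iface is not None else None))
    return routes

CORE_SWITCH = parse_routes(CORE_SWITCH_ROUTES, dest=0, mask=1, gateway=2)
CHECKPOINT = parse_routes(CHECKPOINT_ROUTES, iface=7)

def next_hop(routes, dst):
    """Longest-prefix match: of all routes covering dst, the most specific wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    net, gw, iface = max(matches, key=lambda r: r[0].prefixlen)
    return {"prefix": str(net), "gateway": gw or "connected", "iface": iface}

# 10.0.135.6 is the Checkpoint per the question; other hops' tables are not in the post.
TABLES = {"10.0.135.6": CHECKPOINT}

def walk(start, dst, max_hops=8):
    """Follow the chosen next hop from table to table until an unknown hop or no route."""
    path, routes = [], start
    while routes is not None and len(path) < max_hops:
        hop = next_hop(routes, dst)
        path.append(hop["gateway"] if hop else "no route")
        routes = TABLES.get(path[-1])
    return path
```

For 10.136.128.1 the Checkpoint table has no 10.136.0.0/16 entry, so the lookup falls through to the 10.0.0.0/8 route towards 10.0.135.250; the walk from the core switch therefore ends at a hop whose table is not in the post.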