My existing network 192.168.25.0 is running out of ip's and were wanting to add some new ip cameras. We simply can't make the switch to a 10. address pool at this time so I would like to utilize an old Cisco 2811 router as an interim fix for the time being.

Right now we have the 192.168.25.0 (left) network running and using the Fortinet firewall device (192.168.25.1) as our gateway to the internet.

Configured the 2811 interface fa0/0 to the .25 network (192.168.25.254) and fa0/1 to the “new” .20 network (192.168.20.254). We have a Windows 2012 server on the .25 network handling DHCP and DNS.  I’m using the cisco 2811 for DHCP on the .20 network with an ip helper address pointing to the Windows server over on the .25 network (25.202)

From the .20 network: I was able to ping all .25 addresses except the 25.1 (Fortinet gateway). None of the .25 devices could ping the .20 devices until changing the DHCP gateway payload to .25.254 (cisco router interface) instead of 25.1 (Fortinet)

Both networks started talking like a champ, but can't get to the Fortinet gateway (25.1) the internet.

Tried playing with some ACL’s (that I know very little about) with no positive results. So here I sit so broken hearted.

Could someone explain to me how can I get the .25 and .20 networks communicating back and forth yet have my internet traffic route to the .25.1 Fortinet Firewall?

Attached is my present config from packet tracer. Above is a diagram that might make sense now after reading this spill.

Thanks..