FireBox x700 routing question

Guest
Archived from groups: comp.security.firewalls

I am in the stages of implementing a FireBox on a backup Internet
circuit. The circuit is at the Corp. Site.

Corporate Site: 10.20.x.x (ASN Router that we use as the gateway
10.20.1.1)
Remote Site (P-P T1): 10.10.x.x (gateway of 10.10.1.1)

I have the FireBox configured in Routed mode. I am able to get out to
the Internet at the Corporate site. I can access everything just fine
within my Corporate Site's Network (10.20.x.x). I can also SEE the
10.10.x.x network, but when I try to access any of the servers or
PCs, I get errors. I am guessing that I may need a Route put in so
the traffic knows where to go.

Hopefully I explained this clearly enough; if not, let me know.

Thank you,
Mike
 
Guest

Michael Gunsallus wrote:
> I am in the stages of implementing a FireBox on a backup Internet
> circuit. The circuit is at the Corp. Site.
>
> Corporate Site: 10.20.x.x (ASN Router that we use as the gateway
> 10.20.1.1)
> Remote Site (P-P T1): 10.10.x.x (gateway of 10.10.1.1)
>
> I have the FireBox configured in Routed mode. I am able to get out to
> the Internet at the Corporate site. I can access everything just fine
> within my Corporate Site's Network (10.20.x.x). I can also SEE the
> 10.10.x.x network, but when I try to access any of the servers or
> PCs, I get errors. I am guessing that I may need a Route put in so
> the traffic knows where to go.
>
> Hopefully I explained this clearly enough; if not, let me know.
>
> Thank you,
> Mike

Without much knowledge of the network, I would just check to make sure
your remote Site (10.10.X.X) has a route back to the Corporate Site.
Also, are you able to log/debug traffic between those networks? If so, what
type of errors are seen?


Chad
 
Guest

I should have explained it better.......I dropped this FireBox in to
my existing network that is working. The FireBox was added for a
backup DSL circuit that I would like to use for my end-users'
Web-Surfing and keep them off of my T-1 Internet Circuit.

All of my desktops at the corp site use 10.20.1.1 as their gateway.
All the users at the remote site are using 10.10.1.1 as their gateway
to the Corp site. This config. works fine, however, it also keeps my
users on the T-1 circuit for Internet.

For machines to use the DSL circuit via the Firebox, I have changed
their gateway to the IP of the FireBox (10.20.1.2). This is where I
run into the problem with accessing the 10.10.x.x machines. That's why
I am assuming it's a route I must be missing in the FireBox??


On Fri, 16 Apr 2004 08:33:20 -0400, Chad Mahoney <spamme@mah0ney.com>
wrote:

>Michael Gunsallus wrote:
>> I am in the stages of implementing a FireBox on a backup Internet
>> circuit. The circuit is at the Corp. Site.
>>
>> Corporate Site: 10.20.x.x (ASN Router that we use as the gateway
>> 10.20.1.1)
>> Remote Site (P-P T1): 10.10.x.x (gateway of 10.10.1.1)
>>
>> I have the FireBox configured in Routed mode. I am able to get out to
>> the Internet at the Corporate site. I can access everything just fine
>> within my Corporate Site's Network (10.20.x.x). I can also SEE the
>> 10.10.x.x network, but when I try to access any of the servers or
>> PCs, I get errors. I am guessing that I may need a Route put in so
>> the traffic knows where to go.
>>
>> Hopefully I explained this clearly enough; if not, let me know.
>>
>> Thank you,
>> Mike
>
>Without much knowledge of the network, I would just check to make sure
>your remote Site (10.10.X.X) has a route back to the Corporate Site.
>Also, are you able to log/debug traffic between those networks? If so, what
>type of errors are seen?
>
>
>Chad
 
Guest

Michael Gunsallus wrote:

> I should have explained it better.......I dropped this FireBox in to
> my existing network that is working. The FireBox was added for a
> backup DSL circuit that I would like to use for my end-users'
> Web-Surfing and keep them off of my T-1 Internet Circuit.
>
> All of my desktops at the corp site use 10.20.1.1 as their gateway.
> All the users at the remote site are using 10.10.1.1 as their gateway
> to the Corp site. This config. works fine, however, it also keeps my
> users on the T-1 circuit for Internet.
>
> For machines to use the DSL circuit via the Firebox, I have changed
> their gateway to the IP of the FireBox (10.20.1.2). This is where I
> run into the problem with accessing the 10.10.x.x machines. That's why
> I am assuming it's a route I must be missing in the FireBox??
>
>
> On Fri, 16 Apr 2004 08:33:20 -0400, Chad Mahoney <spamme@mah0ney.com>
> wrote:
>
>
>>Michael Gunsallus wrote:
>>
>>>I am in the stages of implementing a FireBox on a backup Internet
>>>circuit. The circuit is at the Corp. Site.
>>>
>>>Corporate Site: 10.20.x.x (ASN Router that we use as the gateway
>>>10.20.1.1)
>>>Remote Site (P-P T1): 10.10.x.x (gateway of 10.10.1.1)
>>>
>>>I have the FireBox configured in Routed mode. I am able to get out to
>>>the Internet at the Corporate site. I can access everything just fine
>>>within my Corporate Site's Network (10.20.x.x). I can also SEE the
>>>10.10.x.x network, but when I try to access any of the servers or
>>>PCs, I get errors. I am guessing that I may need a Route put in so
>>>the traffic knows where to go.
>>>
>>>Hopefully I explained this clearly enough; if not, let me know.
>>>
>>>Thank you,
>>>Mike
>>
>>Without much knowledge of the network, I would just check to make sure
>>your remote Site (10.10.X.X) has a route back to the Corporate Site.
>>Also, are you able to log/debug traffic between those networks? If so, what
>>type of errors are seen?
>>
>>
>>Chad
>
>

Mike,

I see what is trying to be done: you wish to split-tunnel traffic based
on destination. How is the connection between the offices made?
IPSEC/VPN? Point-to-point? If an IPSEC tunnel is created you can then
tell your firewall to encrypt traffic to the remote network using one
route, and for all other traffic (internet) you then can specify another
route. I use this with the Cisco products and am not familiar with the
Firebox; however, they should have some sort of documentation on
split-tunneling.


Chad
 
Guest

On Fri, 16 Apr 2004 09:12:49 -0400, Chad Mahoney <spamme@mah0ney.com>
wrote:

>Michael Gunsallus wrote:
>
>> I should have explained it better.......I dropped this FireBox in to
>> my existing network that is working. The FireBox was added for a
>> backup DSL circuit that I would like to use for my end-users'
>> Web-Surfing and keep them off of my T-1 Internet Circuit.
>>
>> All of my desktops at the corp site use 10.20.1.1 as their gateway.
>> All the users at the remote site are using 10.10.1.1 as their gateway
>> to the Corp site. This config. works fine, however, it also keeps my
>> users on the T-1 circuit for Internet.
>>
>> For machines to use the DSL circuit via the Firebox, I have changed
>> their gateway to the IP of the FireBox (10.20.1.2). This is where I
>> run into the problem with accessing the 10.10.x.x machines. That's why
>> I am assuming it's a route I must be missing in the FireBox??
>>
>>
>> On Fri, 16 Apr 2004 08:33:20 -0400, Chad Mahoney <spamme@mah0ney.com>
>> wrote:
>>
>>
>>>Michael Gunsallus wrote:
>>>
>>>>I am in the stages of implementing a FireBox on a backup Internet
>>>>circuit. The circuit is at the Corp. Site.
>>>>
>>>>Corporate Site: 10.20.x.x (ASN Router that we use as the gateway
>>>>10.20.1.1)
>>>>Remote Site (P-P T1): 10.10.x.x (gateway of 10.10.1.1)
>>>>
>>>>I have the FireBox configured in Routed mode. I am able to get out to
>>>>the Internet at the Corporate site. I can access everything just fine
>>>>within my Corporate Site's Network (10.20.x.x). I can also SEE the
>>>>10.10.x.x network, but when I try to access any of the servers or
>>>>PCs, I get errors. I am guessing that I may need a Route put in so
>>>>the traffic knows where to go.
>>>>
>>>>Hopefully I explained this clearly enough; if not, let me know.
>>>>
>>>>Thank you,
>>>>Mike
>>>
>>>Without much knowledge of the network, I would just check to make sure
>>>your remote Site (10.10.X.X) has a route back to the Corporate Site.
>>>Also, are you able to log/debug traffic between those networks? If so, what
>>>type of errors are seen?
>>>
>>>
>>>Chad
>>
>>
>
>Mike,
>
>I see what is trying to be done: you wish to split-tunnel traffic based
>on destination. How is the connection between the offices made?
>IPSEC/VPN? Point-to-point? If an IPSEC tunnel is created you can then
>tell your firewall to encrypt traffic to the remote network using one
>route, and for all other traffic (internet) you then can specify another
>route. I use this with the Cisco products and am not familiar with the
>Firebox; however, they should have some sort of documentation on
>split-tunneling.
>
>
>Chad

Chad,

I got it. I added a network route for 10.10.0.0/16 --> 10.20.1.1; all
is working now.

Thanks for your assistance.
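
The routing behaviour this thread resolves, as an added example that is not part of the original posts: a longest-prefix-match model of the three routers, tracing a packet from the Firebox to the remote site before and after the 10.10.0.0/16 route is added, plus the reply path. The /16 masks, the two ISP exits (placeholders), the ASN and remote router tables, and the sample host and server addresses are assumptions constructed for illustration.

```python
import ipaddress

FIREBOX, ASN, REMOTE = "10.20.1.2", "10.20.1.1", "10.10.1.1"  # from the thread
DSL, T1 = "dsl-isp (placeholder)", "t1-isp (placeholder)"      # assumed exits
HOST, SERVER = "10.20.5.50", "10.10.3.7"                       # constructed samples

# Assumed route tables as (prefix, next hop); "direct" means on-link delivery.
FIREBOX_BEFORE = [("10.20.0.0/16", "direct"), ("0.0.0.0/0", DSL)]
FIREBOX_AFTER = FIREBOX_BEFORE + [("10.10.0.0/16", ASN)]       # the fix from the thread
ASN_ROUTES = [("10.20.0.0/16", "direct"), ("10.10.0.0/16", REMOTE), ("0.0.0.0/0", T1)]
REMOTE_ROUTES = [("10.10.0.0/16", "direct"), ("0.0.0.0/0", ASN)]


def lookup(routes, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]
    matches = [(net, hop) for net, hop in nets if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(firebox_routes, start, dst, max_hops=8):
    """Follow next hops from router `start` until delivery or an unmodelled exit."""
    tables = {FIREBOX: firebox_routes, ASN: ASN_ROUTES, REMOTE: REMOTE_ROUTES}
    path, node = [start], start
    for _ in range(max_hops):
        hop = lookup(tables[node], dst)
        path.append(hop)
        if hop not in tables:      # delivered on-link, left the model, or no route
            break
        node = hop
    return path


if __name__ == "__main__":
    # Before the fix: the remote subnet only matches the default route (DSL).
    print("before :", " -> ".join(trace(FIREBOX_BEFORE, FIREBOX, SERVER)))
    # After the fix: the /16 is more specific than the default route.
    print("after  :", " -> ".join(trace(FIREBOX_AFTER, FIREBOX, SERVER)))
    # Reply path from the remote site back to a corporate host.
    print("reply  :", " -> ".join(trace(FIREBOX_AFTER, REMOTE, HOST)))
```

Under these assumptions the reply path reaches the corporate host through 10.20.1.1 without crossing the Firebox, so the Firebox sees only the outbound half of inter-site flows; Internet-bound traffic still matches the default route to the DSL circuit.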