We purchased "gauntlet-type" proxy server firewall to complete our
perimeter defences project including connection to the Internet.
We are having problems of Internal clients being able to see (ping) the
Firewall and for the BSDI FireWall box to ping internal machines across our
internal router. I have prepared a rough diagram below then some
explanations.

             I N T E R N E T
                    |
                    |
             _______|_______
            |               |
            |               |  Internet Router 194.bbb.ccc.1 s/net 255.255.255.0
            |_______________|
                    |
                    |
         ___________|_____________________________  194.bbb.ccc.* Network
                    |
                    |
                    |
           _________|___________   Outside 194.bbb.ccc.9 s/net 255.255.255.0
          |                     |  Default Router 194.bbb.ccc.1
          |      Firewall       |
          |_____________________|  Inside 172.17.100.1 s/net 255.255.0.0
                    |
                    |
     _______________|_________________________  172.17.*.* Network (B Class)
              |                 |
              |           ______|______
              |          | W95 Client  |  172.17.30.13 B S/net
              |          |_____________|  Gateway 172.17.200.2
              |
              |
     _________|_____________________
    | 172.17.200.2                  |
    | Cisco Router                  |____________________ 172.20.*.*
    | 172.16.200.2                  |                     (B Class)
    |____________|__________________|
                 |
                 |
     ____________|____________________________  172.16.*.* Network (B Class)
                 |
                 |
            _____|_______
           | W95 Client  |  172.16.30.11 (Gateway 172.16.200.2)
           |_____________|

Note this is a test implementation of our final IP addressing Plan. Our
registered IP C Class is used on the outside of the FireWall proxy server
firewall 194.bbb.ccc.* and our inside of the Firewall we use a 172.17.*.*
B class network to our internal Router which also has other non-internet
data feeds (eg 172.20.*.* above). On the inside of this internal router we
are planning to use the IP address 172.16.*.* B Class network.
Our problem is that clients on the 172.16.*.* network cannot ping (see) the
firewall as its default router (gateway) is set as 194.bbb.ccc.1. Also the
clients on the 172.17.*.* network can see the internal network only when
the gateway is set as the 172.17.200.2 interface of the Router. Therefore
it will not be able to see the Internet as all traffic is sent to the
inside not the outside. The other external connections work fine as they
all refer to their Internal Router port as their default router (gateway).
Obviously I need to determine how to solve this so that the external
traffic is directed to the Internet by the firewall and inside traffic
correctly through the Router to the 172.16.*.* subnet.
Any Assistance would be appreciated
Thanks in Advance
AMF
==========================================================================
Andrew M Forster [GMT +4] Email: forster @ emirates . net . ae
Phone: +9712 262556 or +9712 453613 Fax: +9712 465344
==========================================================================
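
The return-path problem described in the post, modelled as a longest-prefix route lookup on the firewall. This is an added example, not part of the original message: 192.0.2.0/24 is a constructed stand-in for the masked 194.bbb.ccc.* network, and the static routes in FIREWALL_AFTER are an assumed fix that the post itself does not state.

```python
import ipaddress

# Constructed stand-in for the masked 194.bbb.ccc.* outside network.
OUTSIDE_NET = "192.0.2.0/24"
INTERNET_ROUTER = "192.0.2.1"      # stands in for 194.bbb.ccc.1
CISCO_ON_172_17 = "172.17.200.2"   # Cisco router interface from the diagram

def next_hop(table, dst):
    """Longest-prefix match; returns (gateway or 'direct', matched prefix)."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), gw) for p, gw in table]
    matches = [(n, gw) for n, gw in nets if addr in n]
    if not matches:
        raise LookupError(f"no route to {dst}")
    net, gw = max(matches, key=lambda m: m[0].prefixlen)
    return gw, str(net)

# Firewall as described: two connected networks and a default route outside.
FIREWALL_BEFORE = [
    (OUTSIDE_NET, "direct"),
    ("172.17.0.0/16", "direct"),
    ("0.0.0.0/0", INTERNET_ROUTER),
]

# Assumed fix: static routes for the networks behind the Cisco router.
FIREWALL_AFTER = FIREWALL_BEFORE + [
    ("172.16.0.0/16", CISCO_ON_172_17),
    ("172.20.0.0/16", CISCO_ON_172_17),
]

def reply_path(table, client):
    """Describe where the firewall sends an echo reply for this client."""
    gw, prefix = next_hop(table, client)
    if gw == "direct":
        return f"on-link via {prefix}"
    if gw == INTERNET_ROUTER:
        return f"outside via default route to {gw}"
    return f"inside via {gw} ({prefix})"

if __name__ == "__main__":
    for name, table in (("before", FIREWALL_BEFORE), ("after", FIREWALL_AFTER)):
        for client in ("172.17.30.13", "172.16.30.11", "198.51.100.7"):
            print(f"{name:6} reply to {client:13} -> {reply_path(table, client)}")
```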