I have two firewalls in two sites, NOT connected. I'm having the same problem on both sides: The Firewall is not capable of routing.
(There are no routers other than the ISP routers in the offices)
Site A, Subnet: 192.168.0.0/23 ... Default gateway for users: Firewall IP = 192.168.0.11
Site B: Subnet: 192.168.5.0/24 ... Default gateway for users: Firewall IP = 192.168.5.1
Both sides are connected through a LAN extension. The router of the ISP (I don't have control over these) on both ends connects to a Switch.
LAN Extension IP for Site A: 192.168.0.49
LAN Extension IP for Site B: 192.168.5.45
User on Site B cannot ping Site A. I placed the following routes in Firewall B:
route inside 192.168.0.0 255.255.254.0 192.168.5.45 1 (everything going to Subnet 192.168.0.0 use LAN extension IP)
route outside 0.0.0.0 0.0.0.0 67.x.x.161 1 (ISP given IP)
Users cannot reach anything in Site A.
AFTER implementing the following command on EVERY USER in Site B, communication is achieved:
route add 192.168.0.0 mask 255.255.254.0 192.168.5.45
ping works now from site B to A.
Site A cannot reach Site B.
Again, if I add the route in the Firewall and EVERY USER, they will be able to ping.
Why do I have to add it on every user? How can I avoid this situation?
Background: How was it in the past and why are we having these problems now?
The sites are pinging and working. We are replacing the Sonicwall firewalls with Cisco ASAs and that's when the routing problem appeared. We are implementing the ASA in Site A. Site B is ready and connected.
I don't have routers or Layer 3 switches to fix the problem.