kecoak asked on Firewall:
The scenario is as follows:
client (192.168.1.4) --------- (192.168.1.1) Firewall A (192.168.2.1) ---------------
(192.168.2.3) Firewall B (192.168.8.1) ---------------- server (192.168.8.2)
If the client wants to connect to port 22 on the server:
1. What rule should I allow on Firewall A and Firewall B?
2. What NAT should I add on both firewalls?
3. What static route should I add? i.e. route destination mask nexthop
ASKER CERTIFIED SOLUTION
If FW-A receives a packet from the client (192.168.1.4) destined for the server (192.168.8.2), it checks to see if that network is directly connected.
It isn't, so it then looks up its routing table and checks for a route to the specific network 192.168.8.x.
If it doesn't find that, then it will look for a default route to forward the packet to, which is via the default gateway.
Therefore setting the default gateway for FW-A to FW-B's IP address and vice versa would sort the problem out.
default gateway for FW-A = 192.168.2.3
default gateway for FW-B = 192.168.2.1
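The lookup order the answer describes (directly connected network first, then a specific route, then the default route) and the effect of the two default gateways, as an added example that is not part of the original thread: a small Python model of the two firewalls built from the question's addresses. The interface labels ("inside"/"outside"), the single allow rule for TCP/22 from the client network to the server, and the stateless first-match policy check are assumptions made for this example; NAT is not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Addresses come from the question's diagram; hostnames, interface names
# and the policy rule are assumptions made for this example.

@dataclass
class Route:
    network: ipaddress.IPv4Network
    iface: str
    next_hop: Optional[str] = None   # None means the network is directly connected

@dataclass
class Rule:
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    dport: Optional[int]             # None matches any destination port
    action: str                      # "allow" or "deny"

class Firewall:
    def __init__(self, name, routes, rules, default_gateway=None):
        self.name = name
        self.routes = routes
        self.rules = rules
        self.default_gateway = default_gateway

    def lookup(self, dst):
        """Route lookup in the order the answer gives: connected, specific, default."""
        dst_ip = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if dst_ip in r.network]
        if matches:
            best = max(matches, key=lambda r: r.network.prefixlen)  # longest prefix wins
            kind = "connected" if best.next_hop is None else "static"
            return kind, best.iface, best.next_hop
        if self.default_gateway is not None:
            gw = ipaddress.ip_address(self.default_gateway)
            # The default gateway must sit on a directly connected network.
            for r in self.routes:
                if r.next_hop is None and gw in r.network:
                    return "default", r.iface, self.default_gateway
        return "drop", None, None   # no route at all: the packet is discarded

    def permits(self, src, dst, proto, dport):
        """First matching policy rule wins; no match means deny."""
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for rule in self.rules:
            if s in rule.src and d in rule.dst and rule.proto == proto and rule.dport in (None, dport):
                return rule.action == "allow"
        return False

def net(s):
    return ipaddress.ip_network(s)

def ssh_from_client_net(server):
    # Assumed policy: only TCP/22 from the client LAN to the server host.
    return Rule(net("192.168.1.0/24"), net(server + "/32"), "tcp", 22, "allow")

def build(default_gateways):
    """Build FW-A and FW-B with their connected networks and optional default gateways."""
    fw_a = Firewall("FW-A",
                    routes=[Route(net("192.168.1.0/24"), "inside"),
                            Route(net("192.168.2.0/24"), "outside")],
                    rules=[ssh_from_client_net("192.168.8.2")],
                    default_gateway=default_gateways.get("FW-A"))
    fw_b = Firewall("FW-B",
                    routes=[Route(net("192.168.2.0/24"), "outside"),
                            Route(net("192.168.8.0/24"), "inside")],
                    rules=[ssh_from_client_net("192.168.8.2")],
                    default_gateway=default_gateways.get("FW-B"))
    return [fw_a, fw_b]

def trace(hops, src, dst, proto="tcp", dport=22):
    """Walk a packet through each firewall in turn and record the policy and routing decision."""
    decisions = []
    for fw in hops:
        allowed = fw.permits(src, dst, proto, dport)
        kind, iface, next_hop = fw.lookup(dst) if allowed else ("denied", None, None)
        decisions.append((fw.name, "allow" if allowed else "deny", kind, iface, next_hop))
        if not allowed or kind == "drop":
            break
    return decisions

if __name__ == "__main__":
    # No default gateways: FW-A has no route to 192.168.8.0/24 and drops the SYN.
    print(trace(build({}), "192.168.1.4", "192.168.8.2"))
    # With the answer's default gateways the forward path works ...
    fws = build({"FW-A": "192.168.2.3", "FW-B": "192.168.2.1"})
    print(trace(fws, "192.168.1.4", "192.168.8.2"))
    # ... and FW-B can send the server's replies back toward 192.168.1.4 via 192.168.2.1.
    print(fws[1].lookup("192.168.1.4"))
```

Running it shows the two states the answer contrasts: with empty default gateways FW-A reports `drop` for 192.168.8.2, and with them set the packet leaves FW-A's outside interface toward 192.168.2.3 and FW-B delivers it on its connected 192.168.8.0/24 network. The final lookup on FW-B is the return path: without a default gateway (or a specific route to 192.168.1.0/24 via 192.168.2.1) FW-B has nowhere to send the server's SYN-ACK, so the TCP handshake never completes even though the forward direction is fine.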
ASKER
Firewall B needs a route to 192.168.1.4 via 192.168.2.1
Can you explain this?