WG Firebox X700 - need help routing to secondary network

I have a WatchGuard Firebox X700. I have a policy that allows an outside client that just happens to be our hosted web server and it needs to access a PC on the network 192.168.1.0/24 for SQL. The Firebox also has a VPN tunnel to our other office in South Carolina. It's on a secondary network of 192.168.3.0/24. The same outside client (web server) needs to also access a PC on the .3 network.
As a remote user, I can VPN into the Firebox and access all the PCs on the .1 network but can't access the .3 network. I have to use a separate VPN connection to the Firebox and leave "use default gateway" checked to access the .3 network. Of course, all my internet connections aren't available as long as that VPN connection is up.
I have a policy on the Firebox that NATs the web server directly to the .1 PC for SQL access and this works fine. I'm having a rough time trying to get to the .3 network. I have several public IPs available to use for the NAT just like I do for the .1 network.

How can I create a policy to nat public IP xxx.xxx.xxx.97->192.168.3.6?
lantervj Asked:
lantervj (Author) Commented:
My only other option is to go directly to the Cisco box in front of the .3 network, but I can't seem to get the config right. That would be the best option anyway.
dpk_wal Commented:
As you already have the .3 network as part of the secondary network on the trusted interface, you can add this subnet as an allowed resource.
As per your description, it looks to me that the .3 subnet is behind a Cisco router; so on your Cisco router you need to configure access from the remote user virtual IP address and return traffic access as well.

Please let me know if there is a different setup.

Thank you.