I have a Linksys wireless router connected to a Juniper 5GT firewall. The router gets it's IP from DHCP on the Trust interface. It, in turn, gives out its own DHCP address range to wireless clients (which gives me two networks). From workstations connected to either device, I can ping the respective gateway addresses of the other. But I cannot "see" any devices on the other networks respectively.
Take a look at this PDF. It lists figures 1-7 explaining what I can and cannot do:
Figure 1: The Linksys router Connection Status, notice it receives a DHCP address from the 5GT
Figure 2: The local network parameters of the Linksys wireless router
Figure 3: Routes I created on the Juniper firewall
Figure 4: Policies I created on the Juniper firewall
Figure 5: Successful PING from a wireless client to the WAN IP of the Linksys device (remember, this is a dynamic address)
Figure 6: Successful PING of the Juniper firewall itself, the gateway address
Figure 7: Unsuccessful PING of a workstation beyond the firewall gateway address
What I have here are two network ranges that cannot "see" each other. Workstations on both sides are able to get onto the Internet no problem. But they cannot "see" each other. What's missing?