How to route a private network outside ISA firewall?
Posted on 2011-11-01
Hi there, I'm fairly new to using firewalls in any sort of minorly complicated way, and am not sure how to configure it for this scenario.
I have two networks that share my internet connection on a small Cisco switch. My primary network uses ISA 2006 (for now) and let's say it has a public IP address of 188.8.131.52. The second network uses a Cisco ASA, which has a public IP address of say 184.108.40.206.
One of the requirements for the second network is that the primary network communicate with it through private IP address space. The idea here is that my primary network can put stuff onto the secondary network without it going out through the internet, and then the customer using the secondary network can pull the stuff off using an encrypted tunnel. The secondary network is configured to be the gateway (192.168.0.1) for the private network, and there's another server in there that listens only on 192.168.0.2 and, for the sake of argument, FTP traffic (so port 21).
From my primary network (which let's say uses 10.x.x.x), how can I route 192.168.x.x traffic through my ISA firewall?
I've tried using this route command to test it on the firewall:
route -f ADD 192.168.0.0 MASK 255.255.0.0 220.127.116.11
If I try to FTP from my firewall server (e.g., "ftp 192.168.0.2"), the second machine rejects it because it's trying to access the FTP port on its public IP. What I need it to do is go through the 192.168.0.0 network.
What might I be doing wrong? Can I even do what I'm suggesting with ISA?
Thanks in advance for your help.