MikeC7

Two Subnets in Different Buildings Using 1 ISP

Right now we have two buildings connected over fiber, and the switches have VLANs set up on them for each subnet.

We have them configured with static routes on the switches to be able to communicate between the buildings.
Building one, 192.168.0.0, can communicate with building 2, 192.168.1.0, without a problem.

We have DHCP issue the default gateway as our primary switch in each building
192.168.0.1 - building 1 primary switch
192.168.1.1 - building 2 primary switch

Each Cisco switch is configured to have IP Routing Enabled and we have that configured to route 0.0.0.0 to the IP address of our Firewall.
As an example, building 1's switch routing is pointing to 192.168.0.225, which is our Firewall connected to our ISP.

How can I configure building 2 users to use the Firewall in building 1? I've tried adjusting the switch in building 2 to IP route to the primary building 1 switch; that didn't work. I've tried using the Firewall address itself; that also didn't work. When using the VLAN IP address that is routed to building 1, we had some luck in that it now traced a request to our primary firewall but then got lost in the mix. I did have an 'any to any' ACL rule allowed, which shouldn't have blocked anything.

Our primary firewall has a static route for the 192.168.1.0 network pointing to the primary switch in building 1. Building 2 is able to access the firewall over IP after this was enabled.

Any suggestions? Do I need to configure a second port on our firewall with the 192.168.1.xxx address and try using that one?
SOLUTION
mikebernhardt

ASKER CERTIFIED SOLUTION
Predrag Jovic

MikeC7

ASKER

Thanks everyone, the real issue that I couldn't figure out is what PredragJovic suggested. I had to look at our NAT masquerading to allow the other subnet out to the internet. Worked like a charm after I did that.
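
The two conditions this thread turned on (a return route on the firewall and NAT masquerading that covers the second subnet), as an added example that is not part of the original thread or any vendor's configuration format. The dictionary layout, the function names and the /24 masks are assumptions; the addresses are the ones given in the question.

```python
import copy
import ipaddress

# Constructed model of the firewall state described in the thread (not a vendor format).
# Assumption: both subnets are /24; the thread gives only 192.168.0.0 and 192.168.1.0.
FIREWALL_BEFORE = {
    "connected": ["192.168.0.0/24"],                      # firewall is 192.168.0.225
    "static_routes": {"192.168.1.0/24": "192.168.0.1"},   # return route via building 1 switch
    "masquerade_sources": ["192.168.0.0/24"],             # building 2 missing
}
INSIDE_SUBNETS = ["192.168.0.0/24", "192.168.1.0/24"]


def covered(subnet, prefixes):
    """True if subnet falls entirely inside one of the given prefixes."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(ipaddress.ip_network(p)) for p in prefixes)


def audit(fw, inside_subnets):
    """Return {subnet: [problems]} for the two things outbound traffic needs."""
    findings = {}
    for subnet in inside_subnets:
        problems = []
        routes = fw["connected"] + list(fw["static_routes"])
        if not covered(subnet, routes):
            problems.append("no return route on firewall")
        if not covered(subnet, fw["masquerade_sources"]):
            problems.append("source not masqueraded")
        findings[subnet] = problems
    return findings


def add_masquerade_source(fw, subnet):
    """Return a copy of fw with subnet added to the NAT source list."""
    fixed = copy.deepcopy(fw)
    fixed["masquerade_sources"].append(subnet)
    return fixed


if __name__ == "__main__":
    print("before:", audit(FIREWALL_BEFORE, INSIDE_SUBNETS))
    after = add_masquerade_source(FIREWALL_BEFORE, "192.168.1.0/24")
    print("after: ", audit(after, INSIDE_SUBNETS))
```

Listing each inside subnet explicitly as a masquerade source, rather than masquerading any source, means a subnet that was never intended to reach the internet does not get outbound NAT by default.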