Two Subnets in Different Buildings Using 1 ISP

Right now we have two buildings connected over fiber, and the switches have VLANs set up on them for each subnet.

We have them configured with static routes on the switches to be able to communicate between the buildings.
Building one, 192.168.0.0 can communicate with building 2, 192.168.1.0 without a problem.

We have DHCP issue the default gateway as our primary switch in each building
192.168.0.1 - building 1 primary switch
192.168.1.1 - building 2 primary switch

Each Cisco switch is configured to have IP Routing Enabled and we have that configured to route 0.0.0.0 to the IP address of our Firewall.
As an example, building 1's switch routing is pointing to 192.168.0.225, which is our Firewall connected to our ISP.

How can I configure building 2 users to use the Firewall in building 1? I've tried adjusting the switch in building 2 to IP route to the primary building 1 switch, that didn't work. I've tried using the Firewall address itself, that also didn't work. When using the VLAN IP address that is routed to building 1 we had some luck that it now traced a request to our primary firewall but then got lost in the mix. I did have an 'any to any' ACL rule allowed which shouldn't have blocked anything.

Our primary firewall has a static route for the 192.168.1.0 network pointing to the primary switch in building 1. Building 2 is able to access the firewall over IP after this was enabled.

Any suggestions? Do I need to configure a second port on our firewall with the 192.168.1.xxx address and try using that one?
MikeC7 Asked:

mikebernhardt Commented:
On the switch 2 switch, add a default route pointing all traffic to 192.168.0.1 (I assume that this is what the current static route points to).

On the firewall, add a route to 102.168.1.0/24 with a next hop of 192.168.0.1. You need to have the routes in both directions since the firewall doesn't directly connect to the LAN in building 2.
JustInCase Commented:
"Any suggestions? Do I need to configure a second port on our firewall with the 192.168.1.xxx address and try using that one?"
You could do that and connect the firewall directly to a switch port of the 192.168.1.0/24 VLAN.
There are usually a few solutions for every problem. :)
mikebernhardt gave you one of the solutions that should work for the VLAN to be able to communicate with the firewall.
But to go to the internet you will probably also need to adapt your NAT statement.

MikeC7 Author Commented:
Thanks everyone, the real issue that I couldn't figure out is what PredragJovic suggested. I had to look at our NAT masquerading to allow the other subnet out to the internet. Worked like a charm after I did that.

Question has a verified solution.
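
The three things the thread ends up needing (a default route on the building 2 switch, a return route on the firewall, and a NAT rule whose source scope covers 192.168.1.0/24) can be checked with a small path model; this is an added example, not part of the original posts. The node names, the test host 192.168.1.50, the destination 203.0.113.10 and the NAT source lists are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed model: node names, the test host and the NAT source lists are
# assumptions; the two subnets and the route directions come from the thread.
ROUTES = {
    "sw2": [("192.168.1.0/24", "local"), ("192.168.0.0/24", "sw1"),
            ("0.0.0.0/0", "sw1")],            # default route via building 1
    "sw1": [("192.168.0.0/24", "local"), ("192.168.1.0/24", "sw2"),
            ("0.0.0.0/0", "fw")],
    "fw":  [("192.168.0.0/24", "local"), ("192.168.1.0/24", "sw1"),
            ("0.0.0.0/0", "isp")],            # return route to building 2
}

def next_hop(table, dst):
    """Longest-prefix match over (prefix, next hop) pairs; None if no match."""
    hits = [(ip.ip_network(p), hop) for p, hop in table
            if ip.ip_address(dst) in ip.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routes, start, dst, max_hops=8):
    """Follow next hops from `start` until the packet leaves the modelled nodes."""
    path, node = [start], start
    while node in routes and len(path) <= max_hops:
        node = next_hop(routes[node], dst)
        path.append(node or "no-route")
    return path

def diagnose(routes, nat_sources, host="192.168.1.50", internet="203.0.113.10"):
    """Return the list of reasons `host` cannot reach the internet."""
    problems = []
    if trace(routes, "sw2", internet)[-1] != "isp":
        problems.append("forward path never reaches the ISP")
    if trace(routes, "fw", host)[-2:] != ["sw2", "local"]:
        problems.append("firewall has no working return path")
    if not any(ip.ip_address(host) in ip.ip_network(n) for n in nat_sources):
        problems.append("source subnet is outside the NAT rule")
    return problems

if __name__ == "__main__":
    print(diagnose(ROUTES, ["192.168.0.0/24"]))                    # routes fixed, NAT not
    print(diagnose(ROUTES, ["192.168.0.0/24", "192.168.1.0/24"]))  # everything fixed
```

With both routes in place but NAT still scoped to 192.168.0.0/24 only, the model reports just the NAT problem, which matches what the asker found.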