Hello, I have two routers that each have 2 connections: Internet and a point-to-point connecting to each other. I am trying to route from our 10.0.1.0 LAN to a new private network: 192.168.10.0. This new network branches off the firewall on 10.0.0.0 and is not directly attached to either router. The policy below was already in place...
access-list 198 permit ip 10.0.1.0 0.0.0.255 any
access-list 199 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
route-map ToSonicwall permit 10
match ip address 199
set ip default next-hop 10.1.1.1
!
route-map ToSonicwall permit 20
match ip address 198
set ip next-hop 10.0.1.254
set ip default next-hop 10.0.1.254
I tried adding a simple route statement as follows:
ip route 192.168.10.0 255.255.255.0 10.0.0.0
For some reason unknown to me this caused traffic to go through the firewall at 10.0.1.254, which I don't want. The problem is the traffic shows up at the destination firewall as coming from the outside interface of the other firewall and gets dumped as an IP spoof.
Tracing route to ftp01 [192.168.10.6]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.0.1.253
2 1 ms 28 ms 32 ms 10.1.1.1
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
I tried to add a new policy:
access-list 197 permit ip 10.0.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 198 permit ip 10.0.1.0 0.0.0.255 any
access-list 199 permit ip 10.0.1.0 0.0.0.255 10.0.0.0 0.0.0.255
route-map ToSonicwall permit 5
match ip address 197
set ip default next-hop 10.1.1.1
!
route-map ToSonicwall permit 10
match ip address 199
set ip default next-hop 10.1.1.1
!
route-map ToSonicwall permit 20
match ip address 198
set ip next-hop 10.0.1.254
set ip default next-hop 10.0.1.254
This did not help - it just sends 192 traffic to the Internet.
Any help would be appreciated. Thanks!
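Added example (not from the original post): a small Python model of how the route-map above is evaluated under standard IOS policy-based routing semantics, where the first matching sequence wins, "set ip next-hop" overrides the routing table unconditionally, and "set ip default next-hop" applies only when the routing table holds no route more specific than 0.0.0.0/0 for the destination. The routing tables and the source host 10.0.1.20 are constructed for illustration; the ACLs and sequences are the poster's.

```python
from ipaddress import ip_address, ip_network


def _i(a):
    return int(ip_address(a))


def acl_match(entries, src, dst):
    """Cisco wildcard-mask match: a 1 bit in the wildcard means 'don't care'."""
    for sa, sw, da, dw in entries:
        s_keep, d_keep = 0xFFFFFFFF ^ _i(sw), 0xFFFFFFFF ^ _i(dw)
        if (_i(src) & s_keep) == (_i(sa) & s_keep) and (_i(dst) & d_keep) == (_i(da) & d_keep):
            return True
    return False


# The poster's ACLs (197 exists only in the second attempt); "any" is 0.0.0.0/255.255.255.255.
ACLS = {
    197: [("10.0.1.0", "0.0.0.255", "192.168.10.0", "0.0.0.255")],
    198: [("10.0.1.0", "0.0.0.255", "0.0.0.0", "255.255.255.255")],
    199: [("10.0.1.0", "0.0.0.255", "10.0.0.0", "0.0.0.255")],
}
SEQ5 = (5, 197, {"default": "10.1.1.1"})
SEQ10 = (10, 199, {"default": "10.1.1.1"})
SEQ20 = (20, 198, {"next_hop": "10.0.1.254", "default": "10.0.1.254"})
ORIGINAL_MAP = [SEQ10, SEQ20]          # route-map ToSonicwall as first posted
SECOND_MAP = [SEQ5, SEQ10, SEQ20]      # route-map ToSonicwall with sequence 5 added


def has_explicit_route(rib, dst):
    """True if the RIB holds a route more specific than 0.0.0.0/0 for dst."""
    return any(ip_address(dst) in ip_network(p) and ip_network(p).prefixlen > 0 for p in rib)


def pbr_next_hop(route_map, rib, src, dst):
    """Return (next_hop, matched_seq); next_hop None means 'forward by the RIB'."""
    for seq, acl, actions in route_map:
        if not acl_match(ACLS[acl], src, dst):
            continue                        # first matching sequence wins
        if "next_hop" in actions:           # set ip next-hop ignores the RIB
            return actions["next_hop"], seq
        if "default" in actions and not has_explicit_route(rib, dst):
            return actions["default"], seq  # set ip default next-hop: no explicit route
        return None, seq                    # matched, but the RIB decides
    return None, None                       # no match: normal forwarding


if __name__ == "__main__":
    # Constructed RIBs: the default route alone, and with the static route from the post added.
    for name, rmap in (("original", ORIGINAL_MAP), ("second", SECOND_MAP)):
        for rib in (["0.0.0.0/0"], ["0.0.0.0/0", "192.168.10.0/24"]):
            print(name, rib, pbr_next_hop(rmap, rib, "10.0.1.20", "192.168.10.6"))
```

Running it shows that with the original map, 192.168.10.x traffic always lands on sequence 20 and is sent to 10.0.1.254 regardless of any static route, while with sequence 5 in place the static route decides whether 10.1.1.1 is used at all.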