I need to make this VPN on my firewall (the outside interface of my firewall is the gateway).
(IP distant Endpoint - IP distant Gateway)---(My Router - My firewall - IP of my server, which is my endpoint)
My router has a very simple config: it has 2 ports, one port on the internet, another one also with a real IP, connected to the firewall. Basically there is a default route that forwards all the packets to the next hop on the internet (the provider gateway).
I possess 5 ethernet interfaces on my firewall, 3 of them are working: (1 outside with a real IP), (1 inside with local IPs (PAT)) and (1 intf3 with my second range of real IPs, which I created just for my VPN). I possess 2 ranges of real IPs of 6 real IPs each.
outside security: 0, inside 100, intf3 6
I already have 1 VPN established between one host on my inside interface and a distant host.
My first problem is that I can't access the internet using hosts related to intf3. I don't understand why. The IPs on intf3 are all real. On the firewall there is a default route to my router. On the router a default route to my provider... The internet works fine for my natted interface.
Do I need to use natting to make connections to the outside?! I mean a firewall can be used to isolate networks.
If anyone is interested in helping me, I could provide my config in private.
Thanks, emailed you the solution. Let us know if that resolves the issue.
Please share config.
Assuming you do not have a NAT statement on intf3, make sure that you disable nat-control: no nat-control.
That should allow intf3 with public ip to reach the Internet.
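
The suggestion above, next to the alternative that keeps nat-control enabled, as an added example that is not part of the original thread. It assumes a PIX/ASA on pre-8.3 software (where nat-control exists); the interface name intf3 is from the question, and 198.51.100.8/29 and 203.0.113.1 are constructed placeholder addresses.

```cisco
! Added example, not from the thread.
! 198.51.100.8/29 is a placeholder for the public range on intf3 (assumption).

! Check whether a NAT rule is currently required for traffic going
! from a higher security level (intf3, 6) to a lower one (outside, 0):
show running-config nat-control

! Option 1 (the reply's suggestion): stop requiring a NAT rule.
! Hosts with no matching rule are forwarded untranslated.
no nat-control

! Option 2: keep nat-control and exempt only intf3 with identity NAT.
! NAT ID 0 means "do not translate this source range".
nat (intf3) 0 198.51.100.8 255.255.255.248

! Confirm the result with a simulated packet (ASA 7.2 and later).
! Source and destination addresses are constructed.
packet-tracer input intf3 tcp 198.51.100.10 1025 203.0.113.1 80
```

With either option, NAT is not what isolates intf3: connections initiated from outside are still decided by the security levels and the access lists applied to the interfaces.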