SSG5 Static Routes



  • This is my lab scenario: Site-A and Site-B both have SSG5 firewalls and their respective LANs.

    (172.16.0.0/23)lan–firewall(192.168.1.100/24)-----firewall(192.168.1.200/24)----lan(192.168.3.0/26)

    Firewall A

    bgroup0(e0/2-e0/6)  (172.16.0.1/23)     trust-lan
    e0/0                (192.168.1.100/24)  Untrust
    Tunnel.1            192.168.2.9/30      trust

    Firewall B

    bgroup0(e0/2-e0/6)  (192.168.3.1/26)    trust-lan
    e0/0                (192.168.1.200/24)  untrust
    Tunnel.1            192.168.2.10/30     trust

    I have created static routes on Site A:

        set route 192.168.1.0/24 e0/0 192.168.1.200
        set route 192.168.3.0/26 Tunnel.1 192.168.2.10
        set route 192.168.2.0/30 Tunnel.1 192.168.2.10

    I have created static routes on Site B:

        set route 192.168.1.0/24 e0/0 192.168.1.100
        set route 192.168.3.0/26 Tunnel.1 192.168.2.9
        set route 192.168.2.0/30 Tunnel.1 192.168.2.9

    Questions

    I am not able to ping LAN B from (Firewall A or LAN A) and vice versa.
    I am able to ping Untrust on either side from the firewalls.
    I am able to ping the tunnel interfaces from Firewall A and B, but not from LAN A or LAN B.

    What policy needs to be created so that I can ping LAN B from LAN A and vice versa?
    I have used the tunnel interfaces as gateways when creating the static routes. Is that correct?



  • You need to add at least Untrust->Trust policies on both sides to get visibility in both directions.
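
A ping needs a route in each direction as well as a permitting policy, so it helps to check both firewalls' lookups before looking at policy. The following is an added example, not part of the thread or of ScreenOS: a longest-prefix-match lookup over the interface addresses and `set route` lines posted above. It assumes no default route exists (none is shown), models routing only and not policy, and the two host addresses are constructed.

```python
import ipaddress

# Constructed from the thread: interface addresses and "set route" lines per site.
INTERFACES = {
    "A": {"bgroup0": "172.16.0.1/23", "e0/0": "192.168.1.100/24",
          "tunnel.1": "192.168.2.9/30"},
    "B": {"bgroup0": "192.168.3.1/26", "e0/0": "192.168.1.200/24",
          "tunnel.1": "192.168.2.10/30"},
}
STATIC = {
    "A": [("192.168.1.0/24", "e0/0"), ("192.168.3.0/26", "tunnel.1"),
          ("192.168.2.0/30", "tunnel.1")],
    "B": [("192.168.1.0/24", "e0/0"), ("192.168.3.0/26", "tunnel.1"),
          ("192.168.2.0/30", "tunnel.1")],
}


def table(site):
    """Connected routes derived from interface addresses, then the static routes."""
    routes = [(ipaddress.ip_interface(addr).network, iface, "connected")
              for iface, addr in INTERFACES[site].items()]
    routes += [(ipaddress.ip_network(prefix), iface, "static")
               for prefix, iface in STATIC[site]]
    return routes


def lookup(site, dst):
    """Longest-prefix match; a connected route wins a tie on prefix length."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in table(site) if ip in r[0]]
    if not hits:
        return None  # no route: the packet is dropped before any policy applies
    net, iface, kind = max(hits, key=lambda r: (r[0].prefixlen, r[2] == "connected"))
    return (str(net), iface, kind)


def round_trip(src_site, src_ip, dst_site, dst_ip):
    """Forward lookup on the source firewall, return lookup on the destination one."""
    return {"forward": lookup(src_site, dst_ip), "return": lookup(dst_site, src_ip)}


if __name__ == "__main__":
    # Host addresses are constructed examples inside each LAN.
    for args in [("A", "172.16.0.10", "B", "192.168.3.10"),
                 ("B", "192.168.3.10", "A", "172.16.0.10")]:
        print(args, round_trip(*args))
```

With the routes as posted, Site A resolves 192.168.3.0/26 through tunnel.1, while Site B has no entry covering 172.16.0.0/23, and the tunnel interfaces sit in 192.168.2.8/30 rather than the 192.168.2.0/30 named in the static routes.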


 
