Need help with routing table entry...

[rsullivan2704]

Hi all, I hope someone can help me.

I have a Symantec Gateway Security 360 appliance as the external gateway/firewall on my network. The external wan port is configured to the static ip from my isp, and the internal lan address is 192.168.0.33/27.

I recently added another similar gateway device (Firewall/VPN 100), and configured the wan port on this device as 192.168.0.35/27 and connected it to a lan port on the 360. I set the internal lan of this unit to 192.168.0.1/27.

I added a routing table entry on the new gateway to forward packets to the first gateway, through the wan port (destination ip:192.168.0.33/27, gateway:192.168.0.35, interface:WAN), and I can communicate with that subnet from the new network.

However I've tried adding a number of different routing table entries on the original router, to allow communication from the original subnet to the new one, to no avail. For example, I've tried the following:

• destination ip:192.168.0.1/27, gateway:192.168.0.35, interface:LAN
• destination ip:192.168.0.1/27, gateway:192.168.0.35, interface:WAN
• destination ip:192.168.0.1/27, gateway:192.168.0.33, interface:LAN
• destination ip:192.168.0.1/27, gateway:192.168.0.33, interface:WAN

None of which allowed me to ping the new gateway from a computer on the original network. Using the first entry above, after checking the log on the Firewall/VPN 100, it seems to be blocking the ping as a port scan attack. See the below log entry:

UTC Time Message Source Destination Note
01/21/2009 21:58:12.83 Port Scan attack !!! 192.168.0.38 192.168.0.1 ICMP

I have the access filter set to "No Restrictions".

Does anyone have any thoughts? If you need more info, or if I haven't explained something properly, please let me know.



TIA,



Rob