I am having a hard time figuring out the best way to solve an issue. We have a third party managed router that provides an ipsec tunnel for one laptop to a government entity. Every once and awhile we lose connection to the government site and then a few days later it comes back. We currently have the router connected to our site router. We also have a static nat and two policies on our firewall that handle inbound and outbound connections. I want to remove the firewall as a potential issue. Here is where I get stuck. The laptop has a static ip address that hits a gateway on the third party router. This address is not part of our normal addressing scheme, it is an address that is part of the third party router network. It is then sent out another interface with an address on our network. This leads to our router, which hops to the core router, and then to the firewall. If I moved the third party router to our datacenter, what would be the best way to connect the laptop to the gateway? This would mean taking a laptop that needs to be on the same subnet as the gateway, but there would be two routers in between. The other option would be leaving in on site and creating a route that completely bypasses the firewall.
I do have a good bit of networking experience, but at the same time I am new to this job and am still learning how to properly configure a firewall.
No comments:
Post a Comment