
Interesting multi-subnet single LAN / DMZ disappearing issue.


Hi,

So I've been working on an odd issue which I'd like to get a second opinion on. Firstly, let me state that this isn't an ideal setup; however, it is what it is (as it's a bit of an interim fix).

As a picture in these situations can be of assistance, I've done up a diagram which essentially shows what is in place, and I'll then explain what I'm trying to do.

[Diagram: 2016-08-15 13_45_41-untitled.png]

Essentially the goal is to be able to easily get to the machines sitting behind the UTM/Firewall from the Internal Machine sitting behind the Private LAN Switch.

So far, in the current running config, from the Internal Machine we can connect to the Public IP associated with the UTM/Firewall, which is via the DMZ.

Now, this is where the whole "multiple subnets, single LAN" thing comes in: all those machines have layer 2 connectivity; they are only logically separated by being in different subnets. The reason for this is that there was limited time, and no VLAN trunking going on, etc.

Let's call the subnet that the Internal Machine is on A, and the subnet that Web Server 1 & SQL Server 1 are on B.

So, option 1, which was attempted:

Set up an IP in Subnet B so that the physical interface has an A & B subnet IP, then set up the UTM/Firewall to have a static route to Subnet A via its LAN NIC.

This resulted in the UTM's public IP becoming unavailable, and from the Core Router/Firewall we seemed to also lose the ability to connect to the Public IP, but could at least ping the internal IPs.

Then I attempted option 2, which was to set up an IPsec tunnel from the Core Router/Firewall to the UTM/Firewall using just the public IPs.

As soon as the IPsec appeared to come up (looking at the logs), we lost the ability to connect to the UTM/Firewall's public IP.

So, my theories (which may be completely unfounded):

Option 1: because the layer 2 is the same, it might be creating some kind of loop that maybe STP is shutting down; either that, or maybe it needs Proxy-ARP implemented?

Option 2: I've no idea why it's doing that. In theory it should be routing to that subnet via the VPN tunnel, and it no longer has an interface on the Core Router/Firewall, so it's not like there are two routes or anything like that into the B subnet.

Any ideas on what steps I should take next on this?

Thanks!
