Two Gateways On Same Subnet

Looking for some advice. I have a Qwest PRN WAN connecting all of our field
offices to our corporate office, using Cisco 1800 routers and then our main
firewall is a Cisco ASA 5510. Our Qwest gateway is 192.168.2.1 and our
firewall is 192.168.2.50. Our Exchange server and three other main Windows
Server 2003 file servers that everybody outside of the corporate use have the
192.168.2.50 set as their gateway on the NICs. This is so remote users
outside of the WAN have no connectivity issues. All other computers use the
192.168.2.1 for their gateway through Qwest. We are having connection issues
where anybody using 192.168.2.1 as their gateway cannot see any computers
using the 192.168.2.50 as their gateway. My question is, how can you make
both gateways see each other so that every computer can see one another? Is
it something that can be done through Windows? I have already tried
different methods of routing within the Cisco equipment but are unsuccessful.
A Cisco engineer working for Cisco also saw that no ip routes or gateway
masking can be used. Any ideas how these two gateways can point traffic at
each other?

Any advice or ideas would greatly be appreciated. Thank you.

There is no easy way around that sort of problem. It usually involves a
reconfig of the network. Normally the remotes would connect to your edge
firewall which would be the default route for the LAN machines. The WAN
links are not a problem because you know what address range they use. You
can redirect their traffic pretty easily. But single remote users are a
problem.

Another way to solve remote access problems is to have the remote access
device "inside" the firewall/Internet gateway. You can then route the
traffic destined for a remote user (based on its private IP range which you
do know) to the remote access server. After it is processed (ie encrypted
and encapsulated) it continues to the Internet gateway device.

I can't really see why your LAN machines (other than the servers you
mention) are not also using the firewall as their default gateway. Does
sending all traffic through this device overload it?

A default route is used when no other route is defined for the target
address. The default route has to point to your default gateway. There can
only be one of those. Normally both Internet access from the LAN and remote
access to the LAN require the use of a default route (because there is no
way you can know what the public IP address is going to be). There isn't any
way that you can decide what should go where based on its destination
address.

What device do your remote clients connect to? A Cisco might be able to
decide on one gateway rather than another based on the source address of the
incoming traffic from your remote clients. Windows can't.



Net Admin wrote:
> Looking for some advice. I have a Qwest PRN WAN connecting all of
> our field offices to our corporate office, using Cisco 1800 routers
> and then our main firewall is a Cisco ASA 5510. Our Qwest gateway is
> 192.168.2.1 and our firewall is 192.168.2.50. Our Exchange server
> and three other main Windows Server 2003 file servers that everybody
> outside of the corporate use have the 192.168.2.50 set as their
> gateway on the NICs. This is so remote users outside of the WAN have
> no connectivity issues. All other computers use the 192.168.2.1 for
> their gateway through Qwest. We are having connection issues where
> anybody using 192.168.2.1 as their gateway cannot see any computers
> using the 192.168.2.50 as their gateway. My question is, how can you
> make both gateways see each other so that every computer can see one
> another? Is it something that can be done through Windows? I have
> already tried different methods of routing within the Cisco equipment
> but are unsuccessful. A Cisco engineer working for Cisco also saw
> that no ip routes or gateway masking can be used. Any ideas how
> these two gateways can point traffic at each other?
>
> Any advice or ideas would greatly be appreciated. Thank you.

"Our Qwest gateway is 192.168.2.1 and our firewall is 192.168.2.50."

First problem is you are bridged to Qwest's network since you are
getting/using private ip.
Second problem appears to be that you have wkst/servers plugged in before
the firewall since they are using .2.1
Third problem is for the firewall to properly operate its wan interface
should have a different ip subnet than the lan interface. Firewall with
lan/wan in same ip is a hackers dream.

So its not that you have a gateway issue but a larger config issue.

Didn't quite get the part about remote users. Usually you would have a wan
subnet, then your firewall/vpn appliance, then your lan which is on a private
ip subnet. All lan devices have to go thru the firewall to gain internet
access. Only one gateway ie. the lan ip of the firewall. Outside staff
would vpn thru the firewall to your lan.