
I have a Watchguard XTM 8 series firewall, and it is set up in mixed routing mode. I have a /24 public IP range and I want to pass one of those IPs to another interface on the firewall WITHOUT using NAT, because I want to connect a Cisco router to it to do VPN clients for Macs, which won't work behind NAT. Is there any way to do this? I cannot figure it out for the life of me.

TessellatingHeckler
  • I have tried creating a subnet of the /24 down to /30 on another interface. For example, the public interface is 1.1.1.1/24; I created another interface of 1.1.1.253/30 and assigned 1.1.1.254/30 to the Cisco router. I am able to ping .253 and .1, but I cannot ping beyond the router. I created firewall rules that allow any-external to/from the ASA, but it still won't route beyond the Watchguard. – Preston Rodriguez Aug 30 '11 at 16:46

1 Answer


As they have a separate bridge feature that you need to configure - and you can't configure it to bridge external interfaces - I'm not too surprised it doesn't know how to deal with overlapping subnets configured on two external interfaces.

If you have a switch on the external side of the Watchguard, you could connect the Cisco router to it and they would both be in the same /24. You would lose having it behind the Watchguard, but that doesn't sound like a lot of change in security.

Otherwise, I think you need to look at drop-in mode.

The Watchguard SSL VPN client is available for Mac, too.

TessellatingHeckler
  • Figured as much. I was able to put a switch on the WAN side to accomplish what I needed. I didn't want to go that route and add another point of failure, but it works for now. – Preston Rodriguez Sep 21 '11 at 17:46
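The root cause the answer points at (a /30 carved out of the external /24 and placed on a second interface, so two interfaces claim overlapping networks) is easy to catch before touching the firewall. The following is an added example, not code from the original question or from WatchGuard; it uses Python's standard `ipaddress` module to flag overlapping interface networks in an addressing plan and to show which directly connected interface a longest-prefix-match lookup would pick for a given destination. The interface names (`External`, `Trusted`, `Optional`) and the 10.0.0.0/24 internal range are assumptions for the sample plan; the 1.1.1.x addresses are the ones from the comment above. The lookup models generic longest-prefix matching, not the XTM's actual forwarding logic.

```python
from ipaddress import ip_address, ip_interface
from itertools import combinations

# Constructed sample plan reproducing the comment's layout: the public /24 on
# the external interface, and a /30 out of that same /24 on another interface.
# Interface names are hypothetical; 10.0.0.0/24 is an assumed internal range.
OVERLAPPING_PLAN = {
    "External": "1.1.1.1/24",
    "Trusted":  "10.0.0.1/24",
    "Optional": "1.1.1.253/30",   # 1.1.1.252/30, a slice of the external /24
}

# The layout the follow-up comment settled on: the Cisco router hangs off a
# switch on the WAN side, so it is just another host in the /24 and the
# firewall has no second interface inside that range.
SWITCHED_PLAN = {
    "External": "1.1.1.1/24",
    "Trusted":  "10.0.0.1/24",
}


def find_overlaps(plan):
    """Return sorted (iface_a, iface_b) pairs whose connected networks overlap.

    Any pair here is a misconfiguration to resolve before deployment: two
    connected routes covering the same addresses leave forwarding ambiguous.
    """
    nets = {name: ip_interface(cidr).network for name, cidr in plan.items()}
    overlaps = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        if net_a.overlaps(net_b):
            overlaps.append((a, b))
    return overlaps


def egress_interface(plan, dest):
    """Longest-prefix match over the plan's connected networks.

    Returns the interface name whose network contains `dest` with the longest
    prefix, or None if no connected network contains it (i.e. the packet
    would fall through to the default route).
    """
    target = ip_address(dest)
    best_name, best_len = None, -1
    for name, cidr in plan.items():
        net = ip_interface(cidr).network
        if target in net and net.prefixlen > best_len:
            best_name, best_len = name, net.prefixlen
    return best_name


if __name__ == "__main__":
    print("overlaps:", find_overlaps(OVERLAPPING_PLAN))
    # With the /30 present, the router's .254 is claimed by "Optional" while
    # the rest of the /24 still goes out "External".
    for dest in ("1.1.1.254", "1.1.1.50", "8.8.8.8"):
        print(dest, "->", egress_interface(OVERLAPPING_PLAN, dest))
    print("switched plan overlaps:", find_overlaps(SWITCHED_PLAN))
    print("1.1.1.254 on switched plan ->", egress_interface(SWITCHED_PLAN, "1.1.1.254"))
```

Running `find_overlaps` on a plan before committing it is the check to add to any change procedure for a multi-interface firewall: an empty list is the precondition for sane routing, and in the switched layout the router's address is simply reached out the external interface like any other host in the /24.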