default gateways and routing

[groovin]

i am trying to visualize whats going on in my network so i can narrow down the problem.

basically, we have a VPN appliance that used to serve as the network default gateway. since it was being overloaded, i put another gateway (freebsd) online to act as the new default gateway and have an ipsec vpn to another branch office. the VPN appliance now sits on the network to handle mobile users that wish to vpn in from home.

everything works fine except for the mobile users. they can connect, but cannot route into the network.
suppose i have a mobile user that connects to the appliance and is issued ip 192.168.2.50 (Ill refer to it as 2.50) and a computer on the LAN at 2.100. 2.100 can ping and traceroute to 2.50 just fine. But 2.50 cannot ping and traces only to the LAN interface of the appliance. The appliance LAN address is 2.35 and the freebsd gateway LAN IP is 2.80.

if i change 2.100's default gate to the appliance, then communication works both ways.

I am trying to visualize the flow of traffic so I can narrow down where the problem might be... what effect does the default gateway play in all this? thanks

 

[ITJunkie]

can you post a quick diagram of how the hardware is layed out? ie Internet -> Router/gateway -> firewall etc. or something like that?

 

[ScottMac]

It sounds like you need a static route back out to the mobile network.

route add a.b.c.d mm.mm.mm.mm d.e.f.g

a.b.c.d = the mobile lan
mm.mm.mm.mm = the mask for that network
d.e.f.g = the next hop (the old default gateway or thing connecting the mobile LAN to the brick & morter LAN)

FWIW

Scott

 

[jonmullen]

I belive scott is right

 

[groovin]

thanks for the help guys