We just redesigned our datacenter and put in a DMZ. My problem is that we have some private lines that connect to a router which sits in the private network section behind the firewall, and I need to communicate with some servers (web, DNS) in the DMZ from the router for monitoring and replication, etc. It's our DR site.
I'll try to explain the design:
The private network is 10.0.200.0/24 behind the firewall.
The firewall's inside interface is 10.0.200.1.
The outside interface is 10.0.201.1 and 10.0.201.0/24 is the DMZ network.
The router is connected to the private network on 10.0.200.2.
The remote network connected to this router is 10.0.100.0/24.
The remote network 10.0.100.0 can connect to the private network 10.0.200.0 but not the DMZ 10.0.201.0.
My question - is it possible for me to access any of the 10.0.201.0 addresses from the 10.0.100.0 network?
I've tried setting up some routing, but can't get anything to talk back through the PIX and then back over the router to 10.0.100.0.
Impossible? Or do I just need some creative routing and ACLs on the PIX running 8.0? If this is not clear, let me know.