We have a scenario we are trying to test. We have a webserver set up at one location (we’re calling it Downtown), network subnet of 192.168.0.0/24. We have another subnet at the same physical location called the Downtown Office, 192.168.4.0/24. There’s a second physical location (we’re calling it Remote, 192.168.5.0/24) that has a VPN tunnel established to the Downtown firewall. Finally, we have internet we’re calling EPB with some fake WAN addresses (10.100.100.0/24), along with one Public PC to test the VIP to the webserver at the Downtown location.
In this setup, everything works as expected; the webserver can be accessed by all parties, no problems.
The issue comes when we attempt to move the webserver to live under the Remote firewall.
After the move, the intention is to keep the VIP running at the Downtown firewall and route the traffic through the VPN tunnel into the Server network at the Remote firewall.
As far as we can tell, we have the routes, rules, and tunnels set up properly to allow the traffic, but the Public PC refuses to bring up the site from the Downtown firewall WAN IP. Everything else works as expected from the Remote and Downtown clients.
The idea here is we are testing the thought of moving a server environment before making any outside changes to help ease the pain of moving an entire server environment.
We intend to eventually move the DNS entries and so forth to point to the new firewall, but it would encompass quite a bit, and we are trying to spread out the changes and reduce downtime.
If this is possible, I’d like to know what we are missing.