Remote subnet routing



  • Hi!
    I have a problem connecting to a remote subnet:

    The setup is as follows:
    [Image: network_layout_2.png]

    We have a transfer network set up between our premises, local and remote. It's transparent, physical and reserved for only this use. The production and the office networks are kept separate, and on separate physical interfaces. The bridge for the production interfaces ixl0 and ixl1 is done in pfSense. There is a floating quick rule allowing all traffic on interfaces ixl0, ixl1, ixl5 and the virtual bridge interface, and no other rules. ixl5 is set as a gateway, and a static route is set to 192.168.6.0/24 via this gateway. I would need the workstations on the local production network to be able to communicate with the DNS and the production servers on the remote production network.

    2 problems:

    • On the local pfSense, I can ping the remote firewall on its interface 10.0.4.33, but I am not able to ping the destination address 192.168.6.22.

    • On the production workstation A (Win10) I can ping 192.168.1.254, but cannot ping 192.168.6.22. On the workstation there is a route set as follows: "route add 192.168.6.0/24 192.168.1.254". I cannot ping 10.0.4.34 either, but that's obvious as there's no need to have a route to the transfer network, but only to the destination, is there?

    The remote site is double-checked, and the firewall (Palo Alto I assume) should be configured correctly to allow ICMP and the other protocols needed, including routing.

    Can you find something wrong in the local setup that I'm not getting? I would not need to NAT anything, would I?

    Many thanks in advance.