Hi All,
A heads up on the issue that I'm currently facing.
If I do a traceroute from the remote site to Site A, the SSG box at the remote site can reach the LAN (bgroup-trust) IP:
SSG140-> trace-route 10.10.10.27 from bgroup0
Type escape sequence to escape
Send ICMP echos to 10.10.10.27, timeout is 2 seconds, maximum hops are 32, trace from bgroup0/0
1 0ms 1ms 0ms 10.10.20.254
2 17ms 17ms 16ms 10.10.10.27
But if I trace-route from the remote site to the server, it fails to communicate:
SSG140-> trace-route 10.10.10.7 from bgroup0
Type escape sequence to escape
Send ICMP echos to 10.10.10.7, timeout is 2 seconds, maximum hops are 32, trace from bgroup0/0
1 1ms 1ms 0ms 10.10.20.254
2 41ms 15ms 15ms 10.10.10.27
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
At Site A, the SSG box can reach the server since it is in the same subnet:
ssg20-wlan-> trace-route 10.10.10.7 from bgroup0
Type escape sequence to escape
Send ICMP echos to 10.10.10.7, timeout is 2 seconds, maximum hops are 32, trace from bgroup0
1 5ms 2ms 2ms 10.10.10.7
Trace complete
It seems like the SSG box in Site A didn't allow the communication from the remote site to the server. But it allows the communication from the remote LAN to the Site A LAN via the VPN tunnel.
Do I need to add additional VR routing to enable Bgroup (LAN) to allow communication from the remote site to the server IP?