Access to the local subnet from the WAN interface (NAT RULE?)

Question

Hello everyone! 
 
 I have 2 SOPHOS firewalls in two different buildings, connected by Long Range Aerials (point to point). 
 FIREWALL 1 is configured like this: 
 LAN 192.168.122.X (Aerial 1 is part of this DHCP pool) 
 WAN public IPs (static) 
 
 then FIREWALL 2 is configured like this: 
 LAN 192.168.111.X 
 WAN 192.168.122.X (DHCP from FIREWALL1 LAN ZONE) 
 
 I need to grant access to the subnet 192.168.111.X by all the devices connected to the Firewall 1 LAN ZONE 192.168.122.X. 
 
 Which one is the best practice for this situation? At the moment i granted a RDP access to a specific host in the LAN 111 by using a NAT RULE. 
 But what if i need to access the whole subnet instead of a specific host? 
 
 Thank you in advance. 
 
 Matteo

dirkkotte · Answer

Hi Matteo, 
 first of all I would suggest not to connect a router (FW2) behind a client network. 
 create a new transfer/transit subnet for the connection between FW1 and FW2 (otherwise you may get asymmetric routing) 
 but also possible: however you can add a route via FW2 to any 192.168.122.x device to reach the 192.168.111.x subnet directly

Access to the local subnet from the WAN interface (NAT RULE?)

Top Replies