It seems like you are running into a routing problem. I am making an assumption that the devices behind the firewall do not have their default gateway set to the firewall? If they did, then you would probably not have this problem.
Without changing routing on the clients behind the firewall, I don't know how you are going to get around this problem.
Hope this helps,
Hi Mtuma, thanks for the answer. I think the same, but I cannot find the exact problem. Here is more information about the configuration that I have:
interface 1-0 external 126.96.36.199 / 29
interface 1-1 Internal 10.0.0.1 / 24
10.0.0.200 / 29
computer connected to 1-0
IP 188.8.131.52 (this is the vpn client)
The default route is 184.108.40.206 (internet router). If I set the computer connected to 1-0 with the GW 220.127.116.11, it is still not working.
computer connected to 1-1
This computer cannot see my VPN client once it is connected, and I have to set an ARP entry here, for example:
arp -s 10.0.0.201 MAC_ADDR_OF_INTERFACE 1-1
Thanks a lot for your help.
You have to add the ARP entry because the VPN network (10.0.0.200/29) is in the same network as your PC (10.0.0.5/24). Your PC cannot ARP for these addresses because they are not 'really' there on the network (they're on the other side of the VPN and ARPs are not propagated over a VPN).
There is nothing you can do on the firewall to 'fix' this the way it is set up right now. You must add ARP entries to point back to the firewall.
If you were to make the VPN network 10.0.1.200/29 (which is outside the network of your PC), your PC would send this traffic back to its default route (the firewall) with no ARP entries. Or, if you made the mask on your PC smaller so that this current 10.0.0.200/29 VPN network is no longer in the network of your PC, your PC would send this traffic back to its default route, the firewall.
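The on-link versus off-link decision described in the reply above, as an added example that is not part of the original thread: it checks how a PC at 10.0.0.5/24 tries to reach each address of a VPN pool, and computes the largest PC subnet that excludes the pool while keeping the firewall reachable. The function names are hypothetical, and the gateway 10.0.0.1 is assumed to be the firewall's internal interface from the configuration posted earlier.

```python
import ipaddress


def delivery(host_if: str, dest: str) -> str:
    """Return 'arp' if the host treats dest as on-link, else 'gateway'.

    A host ARPs directly for any address inside its own subnet and only
    hands traffic to its default gateway for addresses outside it.
    """
    iface = ipaddress.ip_interface(host_if)
    return "arp" if ipaddress.ip_address(dest) in iface.network else "gateway"


def pool_delivery(host_if: str, pool: str) -> dict:
    """Map every address of the VPN pool to how the host will try to reach it."""
    return {str(a): delivery(host_if, str(a)) for a in ipaddress.ip_network(pool)}


def widest_safe_prefix(host_ip: str, gateway: str, pool: str):
    """Shortest prefix length (largest subnet) for the host that keeps the
    gateway on-link and does not overlap the VPN pool; None if none exists."""
    pool_net = ipaddress.ip_network(pool)
    gw = ipaddress.ip_address(gateway)
    for plen in range(0, 31):
        net = ipaddress.ip_interface(f"{host_ip}/{plen}").network
        if gw in net and not net.overlaps(pool_net):
            return plen
    return None


if __name__ == "__main__":
    pc = "10.0.0.5/24"        # PC address from the thread
    firewall = "10.0.0.1"     # assumed default gateway (firewall interface 1-1)

    # Pool inside the PC's subnet: every address needs a static ARP entry.
    print(pool_delivery(pc, "10.0.0.200/29"))
    # Pool moved outside the PC's subnet: traffic goes to the firewall.
    print(pool_delivery(pc, "10.0.1.200/29"))
    # Alternative fix: shrink the PC's subnet until the pool falls outside it.
    plen = widest_safe_prefix("10.0.0.5", firewall, "10.0.0.200/29")
    print(f"PC mask /{plen}:", delivery(f"10.0.0.5/{plen}", "10.0.0.201"))
```
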
It's working.... thanks a lot :-)
Local and virtual subnets were changed to 10.0.1.0/24 and 10.0.1.200/29.