4th November 2019
jggimi

I have had the opportunity to review the new graphic.

As I perceive it, your new subnet "$dmz_ops" has introduced a routing problem, because the subnet address (192.168.15/24) is not within the larger $dmz subnetwork (10.12/16). I believe there may be three ways to manage this new subnet. In recommended order:
  1. Use a subnet within the larger 10.12/16 $dmz address space.
  2. Add a route in Router 1 to the new $dmz_ops subnet through Router 2. Add a similar route in any device in $mgt or $ops that needs access to $dmz_ops to direct that traffic through Router 1.
  3. Configure Network Address Translation (NAT) and appropriate TCP/UDP port forwarding as needed in order to reach the $dmz_ops platforms.
I may try to recreate this pictorial in virtual machines as time permits later this week.
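
The routing problem described in the post above can be reproduced with a longest-prefix-match lookup. This is an added example, not part of the original post: the contents of Router 1's table, the next-hop labels `router2` and `upstream`, the host addresses, and the renumbered subnet 10.12.15.0/24 are all assumptions made for illustration.

```python
import ipaddress

DMZ = ipaddress.ip_network("10.12.0.0/16")         # $dmz, written 10.12/16 in the post
DMZ_OPS = ipaddress.ip_network("192.168.15.0/24")  # $dmz_ops, written 192.168.15/24


def route(prefix, next_hop):
    """Build one routing-table entry as (network, next-hop label)."""
    return (ipaddress.ip_network(prefix), next_hop)


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route covering dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None  # no route at all, the packet is dropped
    return max(matches, key=lambda m: m[0].prefixlen)[1]


# Assumed Router 1 table: $dmz is reached through Router 2, everything else
# follows the default route (hypothetical labels, not taken from the post).
ROUTER1 = [route("10.12.0.0/16", "router2"), route("0.0.0.0/0", "upstream")]


def current_state():
    """Where Router 1 sends traffic for a $dmz_ops host today (constructed host)."""
    return lookup(ROUTER1, "192.168.15.10")


def option1():
    """Option 1: renumber $dmz_ops inside 10.12/16; the existing route covers it."""
    renumbered = ipaddress.ip_network("10.12.15.0/24")  # constructed example subnet
    assert renumbered.subnet_of(DMZ)
    return lookup(ROUTER1, "10.12.15.10")


def option2():
    """Option 2: keep 192.168.15/24 and add a static route through Router 2."""
    table = ROUTER1 + [route(str(DMZ_OPS), "router2")]
    return lookup(table, "192.168.15.10")


if __name__ == "__main__":
    print("dmz_ops inside dmz:", DMZ_OPS.subnet_of(DMZ))
    print("today:", current_state())
    print("option 1:", option1())
    print("option 2:", option2())
```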