Routing and IP Spoofing
Hoping this is a simple one. I am in the process of removing an old non-WatchGuard firewall from our datacentre and replacing it with a new V that we have installed to the same virtual networks. So the new and current firewall are both on the same trusted network.
I am trying to manage the new Firebox via a VPN still set up on the current production firewall. I can get the ICMP packets to the new Firebox, but they are denied as IP spoofing.
I have tried adding a static route to the new Firebox, so it knows the network I am communicating from is 'behind' the current firewall, but it didn't help. I also tried adding it into a blocked site exception to no avail.
How can I get the new Firebox to accept incoming packets from the trusted network, but from another IP range? I can access it via SSL VPN, but it is easier to just use the existing site-to-site VPN on the existing firewall.