I have a financial services client that currently connects to their data processing company via 56k frame relay. We are in the process of migrating them to Internet based VPN connections from each branch to the data processing company.
We have installed Fortigate 60C units at all branches, and the Internet is working fine on them.
The data processing company requires they connect to them via a dedicated Checkpoint VPN appliance. They requested we provide them with an IP in the DMZ for their Checkpoint device. The Checkpoint device connected directly to the ISP's modem with a static IP. The Checkpoint then creates a VPN to the data processor, using the 10.1.1.x network. There are 5 IPs that the client needs to be able to access, 10.1.1.1 - 10.1.1.5.
The network configuration looks like this.
Local network 192.168.2.x --> Firewall 192.168.2.1
DMZ port on the firewall 192.168.200.1
DMZ IP assigned to Checkpoint 192.168.200.2
We have the standard 0.0.0.0 route to the Internet, and as I said, that works fine.
We then installed static routes as follows:
Destination 10.1.1.1/24 - gateway 192.168.200.2
The data processing company is telling us that the source IP needs to be the actual local network, not an IP in the DMZ. I don't see how that is possible since we have to have an IP in the DMZ assigned to the firewall.
Am I missing something?
Thanks for any help you can offer.
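One way to express the setup described above in FortiOS CLI on the FortiGate, as an added example that is not part of the original post; it assumes the interfaces are named "internal" and "dmz", and the address-object name and policy/route numbers are made up. The addresses are the ones given in the post.

```text
# Added example, not the poster's configuration. Interface names "internal"
# and "dmz", the object name "dataproc-hosts" and the edit numbers are assumptions.

# Address object for the five hosts reached through the Checkpoint tunnel
# (10.1.1.1 - 10.1.1.5 sit inside this /24).
config firewall address
    edit "dataproc-hosts"
        set subnet 10.1.1.0 255.255.255.0
    next
end

# Static route: 10.1.1.0/24 via the Checkpoint's DMZ address.
# A route only picks the next hop; it never rewrites the packet's source IP.
config router static
    edit 2
        set dst 10.1.1.0 255.255.255.0
        set gateway 192.168.200.2
        set device "dmz"
    next
end

# LAN -> DMZ policy. NAT is disabled on purpose: it is the policy, not the
# route, that decides whether the 192.168.2.x source is kept. With NAT enabled
# the FortiGate substitutes its DMZ interface IP (192.168.200.1), which is the
# source the data processor says it will not accept.
config firewall policy
    edit 10
        set srcintf "internal"
        set dstintf "dmz"
        set srcaddr "all"
        set dstaddr "dataproc-hosts"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat disable
    next
end

# Return path (configured on the Checkpoint, not shown here): it needs a route
# for 192.168.2.0/24 pointing at 192.168.200.1, and 192.168.2.0/24 must be part
# of the tunnel's encryption domain so the data processor sees the LAN source.
```

The static route and the DMZ interface IP stay as they are; the difference between "source is the DMZ IP" and "source is the local network" is the NAT setting on the LAN-to-DMZ policy.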