Sorry for the delayed response.
Well, it seems you are in an asymmetric routing configuration. As CG acts as a stateful firewall, requests and related responses should pass by the same network interface. In your configuration Web client/browser requests pass by the internal interface while responses to them pass by the external interface, hence an asymmetric routing that breaks the communication.
When you implement CG with 2 public IP addresses, your client (public) IP addresses should be known in advance (with static IPs) and can't be dynamic. This is for 2 reasons:
- Avoiding asymmetric routing
- Restricting your CG usage to allowed users only
For a client having the IP address 10.0.10.1, you will have to add the following to your configuration:
ip route add 10.0.10.1 255.255.255.255 192.168.0.57
access web add 10.0.10.1 255.255.255.255
(assuming that your internal gateway is 192.168.0.57)
I hope that I was as clear as possible.
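
The effect of the host route described above can be checked with a longest-prefix-match lookup. This is an added example, not part of the original post and not CG code. The interface names, the internal subnet 192.168.0.0/24, and the external subnet and default gateway (203.0.113.0/24, 203.0.113.1) are constructed assumptions; only 10.0.10.1 and 192.168.0.57 come from the post.

```python
import ipaddress

# Constructed topology (assumptions, not from the post): interface names,
# the internal subnet 192.168.0.0/24 and the external addresses (TEST-NET-3).
CONNECTED = {
    "internal": ipaddress.ip_network("192.168.0.0/24"),
    "external": ipaddress.ip_network("203.0.113.0/24"),
}
DEFAULT_GATEWAY = "203.0.113.1"


def egress_interface(gateway):
    """Return the interface whose connected subnet contains the gateway."""
    gw = ipaddress.ip_address(gateway)
    for name, net in CONNECTED.items():
        if gw in net:
            return name
    raise ValueError(f"gateway {gateway} is not on a connected subnet")


def build_table(static_routes):
    """static_routes: (destination, netmask, gateway) tuples, as in 'ip route add'."""
    table = [(ipaddress.ip_network("0.0.0.0/0"), egress_interface(DEFAULT_GATEWAY))]
    table += [(net, name) for name, net in CONNECTED.items()]
    for dest, mask, gateway in static_routes:
        table.append((ipaddress.ip_network(f"{dest}/{mask}"), egress_interface(gateway)))
    return table


def reply_interface(table, client_ip):
    """Longest-prefix match: interface used for packets sent back to client_ip."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(net, iface) for net, iface in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def is_symmetric(table, client_ip, request_iface):
    """True when the reply leaves by the interface the request arrived on."""
    return reply_interface(table, client_ip) == request_iface


if __name__ == "__main__":
    before = build_table([])
    after = build_table([("10.0.10.1", "255.255.255.255", "192.168.0.57")])
    for label, table in (("before", before), ("after", after)):
        print(label, reply_interface(table, "10.0.10.1"),
              is_symmetric(table, "10.0.10.1", "internal"))
```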