I recently decided to upgrade to an SSG5 from a dying WRT54G running dd-wrt. I figured the advanced features are worth the hassle of confiuring. Already I'm starting to think I've bitten off more than I can chew. Currently my setup looks like this:
e0/0 -> Untrust (DHCP from ISP)
e0/1-0/4 -> bgroup0 -> Trust -> (Running DHCP - 192.168.1.x)
e/05 - 0/6 -> bgroup1 -> LAN -> (Running DHCP - 192.168.2.x)
As I'm new to all this, I've been relying on the WebGUI for navigation and layout (I'm more of a visual learner).. My problem is, the built-in Trust zone will route traffic perfectly out the Untrust infterface. The 2nd bgroup however does not. Despite the ANY / ANY policies configured, I can't seem to get any traffic to pass properly back to the 2nd bgroup. I've checked everywhere in the GUI and from what I can tell the 1st and 2nd brgoups are configured exactly the same.
Things I've tried:
- Ensured both groups are set to NAT
- Ensured both groups have ANY / ANY rules set to ANY external address
I'm posting my config. Hopefully I'm missing something minor. - Thanks in advance for the help!