Good day, I have seen similar problems before.
You must be doing some sort of proxying or NAT to allow Internet sites to communicate with hosts on the 192.168.10/24 subnet, right? So the site on the Internet has to have a path back to a NAT'ed or Proxied service through the 192.168.10/24 subnet in order to get to the VoIP Control Center at 10.4.6.200/32 (or whatever happens to be the IP address of that host). Hope this helps, Vijay -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Bob DeBolt Sent: December 14, 2005 11:51 AM To: misc@openbsd.org Subject: routing question Greets I have a scenario that is simple but I am having trouble getting my head around. Inside a 192.168.10/24 network there exists a 10.4.6/24 network for VOIP. Everthing works fine. The issue I have is setting up a route for a third party VOIP management company who wants to access the VOIP control center via an SSL interface from the Internet thru the firewall to the VOIP control center. All of the data traffic on the data LAN has the router address of 192.168.10.1. The data side of the vlan router is 192.168.10.16 and the VOIP side on the vlan router is 10.4.6.253. To access the VOIP network one must go thru the 192.168.10.16 interface of he vlan router. Adding a route to a workstation on the 192.168.10 network to the 10.4.6 network using the 192.168.10.16 interface as the gateway works fine, thus allowing access to the SSL web interface. Adding a route on the firewall to the 10.4.6 network thru the 192.168.10.16 interface allows internal workstations to access the SSL web interface. The root of the problem I have is getting traffic from the Internet to the 10.4.6 SSL web interface thru the 192.168.10.16 interface of the vlan router. Anyone have experiece on this one? Bob D