I have an SSG-20 with multiple public subnets. One is external, the others are internal. Substituted addresses here for convenience.
Eth 0/0 - 1.1.1.1/28
Bgroup0 - 192.168.250.1/24
Subnets behind SSG - 2.2.2.1/28, 3.3.3.1/28, 4.4.4.1/28
We have the routes on the trust-vr to the 2, 3, 4 networks.
We can ping the routes from the SSG and anything internally.
The ISP is routing all of the networks to us successfully. I created a policy - any -> 2.2.2.1/28 allowed with logging - and I see all of the traffic, but none of it passes through.
If I attempt to ping the internal address from Eth 0/0 it fails.
There are firewalls and routers which own those subnets below the SSG.
So, how does one pass multiple subnets through the SSG?