Sorry, I think I didn't describe my network topology clearly. My network IP address is 192.168.40.0/24. My firewall is now behind the Cisco 2920 router. The firewall VLAN IP is 192.168.40.5; the router e0/0 is 192.168.40.1, and e0/0 is connected directly to the firewall. In my router I have an IPsec VPN to the remote network (192.168.42.0/24), and the VPN is working successfully.
Now I have added the firewall working in transparent mode behind the router. My intranet (192.168.40.0/24) can connect to the network (192.168.42.0/24) after setting some policies in the firewall. But there are still some problems.
1: Now all the computers in my intranet can access the internet, so I wrote some IP-based policies to permit some IPs to access the internet. But the policies do not seem to work.
2: See the policy settings below; I have made five policies. These policies seem not to be effective. The id 6 policy I made permits 192.168.40.0/24 to access the Macau network (192.168.42.0/24).
The id 7 policy is full internet access permission for the special IP group (such as 192.168.40.188). Ids 8 and 9 permit POP3 and SMTP. But now if I enable id 7, the other policies are disabled: all the intranet IPs can access the internet. I only want the IP address 192.168.40.188 to have full permission. I have added 192.168.40.188 to the special group. It seems that in transparent mode the IP layer has no effect in the policy.