IT-

asked on

Redirect IP Request to Specific Router / Gateway

I have just recently implemented an MPLS between two sites.  Primary site has 192.168.92.xxx as its IP range while the secondary site is set up with 192.168.200.xxx as its IP range.  Both are using subnet 255.255.255.0.

Primary site has a Firewall / Gateway setup that forwards communication to and from the Internet as needed.  We now have another gateway / router in the network that when someone points to 192.168.200.xxx IP addresses we need to forward everything to.  What is the optimal / proper way of doing this within the network?

Do you change the forwarding in the primary gateway or do you do it with DNS somehow?

Thanks in advance.

Duane
Akmetra

Who handles the external routing at your sites - the same routers that keep the tunnel running, or is that a different piece of hardware?

We use Mikrotik routers that fulfill both functions - and they are used as the default gateways on both subnets. When a packet arrives on one of them - it gets forwarded over the (PPTP VPN) link to its correct destination, as per routing table.

ASKER

There is a primary Gateway / Router (192.168.92.x22) that is already established in the primary network and forwards all appropriate external Internet network activity.  We have added a second Gateway / Router (192.168.92.x32) for MPLS activity.

So we have 2 Gateways / Routers.  1 for external Internet activity and a 2nd just for the remote location used by the MPLS.
The .x32 router should be connected to a dedicated port (router port - not switch port) on the .x22 router and that port needs to be in the 192.168.200.0 network.  You would then want to set up a static route in the .x22 router that forwards traffic destined for 192.168.200.0 / 255.255.255.0 to (next hop) 192.168.200.x32.

If you don't have a dedicated port on the .x22 router then you would need a dedicated router port .x32 router set up on the 192.168.92.0 network.  In this case you would then want to set up a static route in the .x22 router that forwards traffic destined for 192.168.200.0 / 255.255.255.0 to (next hop) 192.168.92.xxx (IP of .x32 router's dedicated port).

Otherwise you would need to set up VLANs & trunked ports on the routers.  If this is the case, it will get a little more complicated.

It would help to know the hardware and port configuration you are using.

Is this kind of what you are looking for?  

ASKER

This is definitely the direction that we are looking to possibly go.

Is it also possible to use our internal DNS to properly forward all requests to 192.168.200.xxx to a specific IP address?  I believe that would also resolve the issue.
DNS would resolve the device names to the proper IP addresses but you would still need some kind of layer 3 forwarding (routing) to get the packets to the correct router.  

If your DNS server had a 2nd port that was within the 192.168.200.0 subnet, then you could use it to route the traffic to the .x32 router.  Either way, whatever device you use for your gateway router is going to have to have at least one static route in it to make it work.

Can you list the type of routers you are using?

ASKER

Primary Router (Used as the Primary Gateway to forward all local traffic to the Internet)
192.168.92.x22
SonicWall 2400

Secondary Router (It will be forwarding and receiving IP packets from a remote location connected via MPLS)
192.168.92.x32
Adtran NetVanta 3448
OK, here we go:
Assumed settings - change to match your actual settings:
Adtran Internal IP = 192.168.92.x32
Sonicwall X2 (Lan) interface = 192.168.92.x22
unassigned sonicwall port = X4
Available IP to assign to port = 192.168.92.250

Login to the sonicwall (assuming enhanced OS)

1)  Go to Network, address objects, add ...
Name = Adtran Router
Zone = Lan
Type = Host
IP address = 192.168.92.x32
*  Save  (OK)

2) Select Add again...
Name = MPLS Network
Zone = Lan
Type = Network
Network = 192.168.200.0
Mask = 255.255.255.0
*  Save

3) Go to Network,  Interfaces, Select an unassigned interface (X4 for example)
Click the Configure Icon
Zone = Lan
IP Address = 192.168.92.250  (or whatever IP you want within that subnet)
Mask = 255.255.255.0
Comment = Port to MPLS Network  (or whatever description you would like)
*  Save

4) Go to Network, Routing, Add
Source = Any
Destination = MPLS Subnet   (from step 2)
Service = any
Gateway = Adtran Router    (from step 1)
Interface = X4                       (from step 3)
metric = 1
Check to Disable when not connected
*  Save

Plug a cable from the Adtran to the SonicWall (port X4 - or port from step 3).
You should be able to ping across the network.  If not, try using a crossover cable (depends on the port configuration on the Adtran).

Let us know if this works.


ASKER

I think you have me very close to getting it!  I am attaching a layout of our network as it truly is with all correct IP and Subnets for you.

I am receiving an error on Step 3 when configuring the interface.  Subnet on this interface overlaps with another interface.  This is true as it is the same network IP range and subnet as our primary X0 interface.

Anything additional you can provide, would be greatly appreciated.
Network-through-SonicWall-2400.jpg

ASKER

What I'm looking at now and wondering, is if X5 IP and the local Adtran need to be on completely different IP address / range from either the local or the remote networks.

Change X5 to 192.168.150.250
Change Adtran (192.168.101.225) to 192.168.150.240

The question that then comes up is, would I have access to the Adtran router at 192.168.150.240?
Yes, that should work.  You still should be able to access the MPLS through their 192.168.50.xxx address.  Change the MPLS network object (step 2) to have the network address of 192.168.50.0 and use the X5 address as you set it up in the previous post.
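
Added example, not part of the original thread: a Python pre-check of the interface and static-route plan discussed above. It shows why step 3 was rejected (X4 overlaps X0), that the separate X5 transit subnet gives a consistent route, and which next hop a remote-site address resolves to. The function names are hypothetical, X0's host address is a constructed placeholder, and the route destination is assumed to be 192.168.200.0/24 as stated in the original question.

```python
import ipaddress

def overlapping_interfaces(interfaces):
    """Return name pairs whose connected subnets overlap (the step 3 error)."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

def check_static_route(interfaces, route):
    """Return a list of problems with one static route; empty means consistent."""
    if route["interface"] not in interfaces:
        return ["unknown interface " + route["interface"]]
    egress = ipaddress.ip_interface(interfaces[route["interface"]])
    gateway = ipaddress.ip_address(route["gateway"])
    dest = ipaddress.ip_network(route["destination"])
    problems = []
    if gateway not in egress.network:
        problems.append("gateway is not on the egress interface's subnet")
    elif gateway == egress.ip:
        problems.append("gateway is the interface's own address")
    for name, addr in sorted(interfaces.items()):
        if dest.overlaps(ipaddress.ip_interface(addr).network):
            problems.append("destination overlaps connected subnet on " + name)
    return problems

def next_hop(interfaces, routes, target):
    """Longest-prefix match over connected subnets and static routes."""
    ip = ipaddress.ip_address(target)
    table = [(ipaddress.ip_interface(a).network, n, "connected")
             for n, a in interfaces.items()]
    table += [(ipaddress.ip_network(r["destination"]), r["interface"], r["gateway"])
              for r in routes]
    matches = [row for row in table if ip in row[0]]
    if not matches:
        return None  # no specific route: traffic follows the default (Internet) route
    _, iface, via = max(matches, key=lambda row: row[0].prefixlen)
    return iface, via

# X0's host address is a constructed placeholder; the thread masks the real one.
STEP3_PLAN = {"X0": "192.168.92.1/24", "X4": "192.168.92.250/24"}
REVISED_PLAN = {"X0": "192.168.92.1/24", "X5": "192.168.150.250/24"}
MPLS_ROUTE = {"destination": "192.168.200.0/24",
              "gateway": "192.168.150.240", "interface": "X5"}

if __name__ == "__main__":
    print("step 3 overlaps:", overlapping_interfaces(STEP3_PLAN))
    print("revised overlaps:", overlapping_interfaces(REVISED_PLAN))
    print("route problems:", check_static_route(REVISED_PLAN, MPLS_ROUTE))
    print("192.168.200.10 ->", next_hop(REVISED_PLAN, [MPLS_ROUTE], "192.168.200.10"))
```

A `None` result from `next_hop` corresponds to the state before the static route exists: traffic for the remote site leaves by the default route instead of reaching the MPLS router.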

ASKER

It did not work.  I am including the exact setup.  This is the exact setup that I currently have and it is not working to communicate to anything on x5.
Network-through-SonicWall-2400.jpg
Address-Objects.jpg
Interface.jpg
Routing.jpg
ASKER CERTIFIED SOLUTION
dosdet2

ASKER

We are awaiting the vendor to modify their switch to point back to our local x5 port.  Once this is done, it looks like everything will be completed.  We are confirming this is working first, then will accept a solution from above as it appears as though it was a couple of things causing issues.