  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1350
  • Last Modified:

Redirect IP Request to Specific Router / Gateway

I have just recently implemented an MPLS between two sites.  The primary site has 192.168.92.xxx as its IP range while the secondary site is set up with 192.168.200.xxx as its IP range.  Both are using subnet 255.255.255.0.

Primary site has a Firewall / Gateway setup that forwards communication to and from the Internet as needed.  We now have another gateway / router in the network that when someone points to 192.168.200.xxx IP addresses we need to forward everything to.  What is the optimal / proper way of doing this within the network?

Do you change the forwarding in the primary gateway or do you do it with DNS somehow?

Thanks in advance.

Duane
0
1 Solution
 
Akmetra Commented:
Who handles the external routing at your sites - the same routers that keep the tunnel running, or is that a different piece of hardware?

We use Mikrotik routers that fulfill both functions - and they are used as the default gateways on both subnets. When a packet arrives on one of them - it gets forwarded over the (PPTP VPN) link to its correct destination, as per routing table.
0
 
IT-Author Commented:
There is a primary Gateway / Router (192.168.92.x22) that is already established in the primary network and forwards all appropriate external Internet network activity.  We have added a second Gateway / Router (192.168.92.x32) for MPLS activity.

So we have 2 Gateways / Routers.  1 for external Internet activity and a 2nd just for the remote location used by the MPLS.
0
 
dosdet2 Commented:
The .x32 router should be connected to a dedicated port (router port - not switch port) on the .x22 router and that port needs to be in the 192.168.200.0 network.  You would then want to set up a static route in the .x22 router that forwards traffic destined for 192.168.200.0 / 255.255.255.0 to (next hop) 192.168.200.x32.

If you don't have a dedicated port on the .x22 router then you would need a dedicated router port on the .x32 router set up on the 192.168.92.0 network.  In this case you would then want to set up a static route in the .x22 router that forwards traffic destined for 192.168.200.0 / 255.255.255.0 to (next hop) 192.168.92.xxx (IP of .x32 router's dedicated port).

Otherwise you would need to set up VLANs & trunked ports on the routers.  If this is the case, it will get a little more complicated.

It would help to know the hardware and port configuration you are using.

Is this kind of what you are looking for?  
0
 
IT-Author Commented:
This is definitely the direction that we are looking to possibly go.

Is it also possible to use our internal DNS to properly forward all requests to 192.168.200.xxx to a specific IP address?  I believe that would also resolve the issue.
0
 
dosdet2 Commented:
DNS would resolve the device names to the proper IP addresses but you would still need some kind of layer 3 forwarding (routing) to get the packets to the correct router.  

If your DNS server had a 2nd port that was within the 192.168.200.0 subnet, then you could use it to route the traffic to the .x32 router.  Either way, whatever device you use for your gateway router is going to have to have at least one static route in it to make it work.

Can you list the type of routers you are using?
0
 
IT-Author Commented:
Primary Router (Used as the Primary Gateway to forward all local traffic to the Internet)
192.168.92.x22
SonicWall 2400

Secondary Router (It will be forwarding and receiving IP packets from a remote location connected via MPLS)
192.168.92.x32
Adtran NetVanta 3448
0
 
dosdet2 Commented:
OK, here we go:
Assumed settings - change to match your actual settings:
Adtran Internal IP = 192.168.92.x32
Sonicwall X2 (Lan) interface = 192.168.92.x22
unassigned sonicwall port = X4
Available IP to assign to port = 192.168.92.250

Login to the sonicwall (assuming enhanced OS)

1)  Go to Network, address objects, add ...
Name = Adtran Router
Zone = Lan
Type = Host
IP address = 192.168.92.x32
*  Save  (OK)

2) Select Add again...
Name = MPLS Network
Zone = Lan
Type = Network
Network = 192.168.200.0
Mask = 255.255.255.0
*  Save

3) Go to Network,  Interfaces, Select an unassigned interface (X4 for example)
Click the Configure Icon
Zone = Lan
IP Address = 192.168.92.250  (or whatever IP you want within that subnet)
Mask = 255.255.255.0
Comment = Port to MPLS Network  (or whatever description you would like)
*  Save

4) Go to Network, Routing, Add
Source = Any
Destination = MPLS Subnet   (from step 2)
Service = any
Gateway = Adtran Router    (from step 1)
Interface = X4                       (from step 3)
metric = 1
Check to Disable when not connected
*  Save

Plug a cable from the adtran to the sonicwall (port X4 - or port from step 3).
You should be able to ping across the network.  If not, try using a crossover cable (depends on the port configuration on the adtran).

Let us know if this works.

0
 
IT-Author Commented:
I think you have me very close to getting it!  I am attaching a layout of our network as it truly is with all correct IP and Subnets for you.

I am receiving an error on Step 3 when configuring the interface.  Subnet on this interface overlaps with another interface.  This is true as it is the same network IP range and subnet as our primary X0 interface.

Anything additional you can provide, would be greatly appreciated.
Network-through-SonicWall-2400.jpg
0
 
IT-Author Commented:
What I'm looking at now and wondering, is if X5 IP and the local Adtran need to be on completely different IP address / range from either the local or the remote networks.

Change X5 to 192.168.150.250
Change Adtran (192.168.101.225) to 192.168.150.240

The question that then comes up is, would I have access to the Adtran router at 192.168.150.240?
0
 
dosdet2 Commented:
Yes, that should work.  You still should be able to access the MPLS through their 192.168.50.xxx address.  Change the MPLS network object (step 2) to have the network address of 192.168.50.0 and use the X5 address as you set it up in the previous post.
0
 
IT-Author Commented:
It did not work.  I am including the exact setup.  This is the exact setup that I currently have and it is not working to communicate to anything on x5.
Network-through-SonicWall-2400.jpg
Address-Objects.jpg
Interface.jpg
Routing.jpg
0
 
dosdet2 Commented:
Let's try a little different route.  Take a look at the attached diagram. (I assumed switches and I added them into the diagram.)  
1) Change the adtran port to a static, un-used IP address within your Local Network Subnet.
2) Connect the adtran to the switch (or otherwise to the X0 (local) Port on the sonicwall)

In the Sonicwall:
3) In Network, Routes > Delete the "MPLS Network to Anderson" Route
4) In Network, Interface > Remove the IP address from Port X5 (put back to default)
5) In Network, address Objects > Change the IP address of "adtran router - mpls anderson" host object to 192.168.101.xxx (static IP from step 1)
6) Go to Network Routing and add a route as follows:

Source = any
Destination = MPLS Network to Anderson
Gateway = adtran router - MPLS Anderson
Interface = X0  (or other local port)
Metric = 1
Check to Disable when not connected
* Save (OK)

See if that works.


RemoteNetwork.JPG
0
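
The "subnet overlaps" error reported for step 3 earlier in the thread, and the X0 route in the post above, can be checked offline with a short script. This is an added example, not part of the thread and not SonicWall's own logic; the function names and the host octets (.22, .32, .250, .50) are constructed, since the page masks the real addresses.

```python
import ipaddress

# Constructed values: the page masks host octets (".x22", ".x32"), so .22 and .32 stand in.
FIRST_ATTEMPT = {"X0": "192.168.92.22/24", "X4": "192.168.92.250/24"}  # step 3 as posted
SINGLE_LAN = {"X0": "192.168.92.22/24"}  # Adtran moved onto the local subnet
ADTRAN = "192.168.92.32"
MPLS_NET = "192.168.200.0/24"


def overlapping_interfaces(interfaces):
    """Return sorted name pairs whose configured subnets overlap."""
    nets = {n: ipaddress.ip_interface(a).network for n, a in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def check_static_route(interfaces, dest, gateway, egress):
    """Return a list of problems with a static route; empty means consistent."""
    iface = ipaddress.ip_interface(interfaces[egress])
    gw = ipaddress.ip_address(gateway)
    problems = []
    if gw not in iface.network:
        problems.append(f"gateway {gw} is not on-link for {egress} ({iface.network})")
    if gw == iface.ip:
        problems.append(f"gateway {gw} is {egress}'s own address")
    if ipaddress.ip_network(dest).overlaps(iface.network):
        problems.append(f"destination {dest} overlaps the subnet connected to {egress}")
    return problems


def forward(interfaces, routes, src, dst):
    """Longest-prefix match. Returns (egress, next_hop, hairpin) or None.
    hairpin is True when src sits on the egress interface's own subnet,
    i.e. the packet enters and leaves the firewall on the same port."""
    table = [(ipaddress.ip_interface(a).network, n, None) for n, a in interfaces.items()]
    table += [(ipaddress.ip_network(d), e, g) for d, g, e in routes]
    matches = [r for r in table if ipaddress.ip_address(dst) in r[0]]
    if not matches:
        return None
    _, egress, gw = max(matches, key=lambda r: r[0].prefixlen)
    egress_net = ipaddress.ip_interface(interfaces[egress]).network
    return egress, gw or dst, ipaddress.ip_address(src) in egress_net


if __name__ == "__main__":
    print(overlapping_interfaces(FIRST_ATTEMPT))
    print(check_static_route(SINGLE_LAN, MPLS_NET, ADTRAN, "X0"))
    print(forward(SINGLE_LAN, [(MPLS_NET, ADTRAN, "X0")], "192.168.92.50", "192.168.200.10"))
```
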
 
IT-Author Commented:
We are awaiting the vendor to modify their switch to point back to our local x5 port.  Once this is done, it looks like everything will be completed.  We are confirming this is working first, then will accept a solution from above as it appears as though it was a couple of things causing issues.
0
