Advertising Management-Network - OSPF

KPS · November 6, 2018, 3:20am

Hi!

I am using the following config:

WAN 1 is connected to a DSL-modem. To reach the manamgent-IP of the DSL-modem, I have set up the Management-IP on the WAN-interface of the Balance ONE device.

→ I can reach the modem-management-IP from the local network.

Now I want to reach it from my remote-site. Can you tell me how to advertise that management-IP-network through OSPF?

Thank you for your help!

Regards,
KPS

asimula · November 6, 2018, 3:30am

Hi KPS, you can reach the local network from your remote site, via PepVpn between Balance in local site and a Balance in remote site, or you can connect the Balance One via IpSec VPN .

KPS · November 6, 2018, 4:10am

Hi!

@asimula
Thats not my problem… To be more precise:

BranchOffice is connected to HeadQuarter via Speedfusion Tunnel.
BranchOffice is using PPPoE on WAN1
BranchOffice has an additional ManagementIP on WAN1 to reach the management webinterface of the DSL-modem

→ I want to reach the management-IP of the DSL-modem from the headquarter.

MartinLangmaid · November 6, 2018, 4:16am

Is the default gateway on WAN 1 the same IP address (or at least in the same subnet) as the management IP?
If it is you can go to Network → OSPF on that balance One and manually add the WAN to be advertised over OSPF.

If its not - perhaps you’re using pppoe, then advertising it over OSPF will be a bit tricky.

I tend to set up an outbound policy rule on the remote device I want to access it from with the management IP as the destination and the PepVPN tunnel as the path. So when I try and access the IP, my local router forwards it to the remote one (the balance one in your case) which then knows to pass it to the modem on the WAN.

KPS · November 6, 2018, 5:01am

Hi!

@MartinLangmaid
No, its not the gateway. I am using PPPoE for the internet access and a second “management-ip” for the management.

I will try the outbound rule…

KPS · November 6, 2018, 5:10am

Hi!

@MartinLangmaid
OutboundPolicy is working fine - but not so nice. Do you see any possibility to advertise this from the client-side?

MartinLangmaid · November 6, 2018, 6:45am

No not immediately.

Or rather, yes you can advertise the additional IP on the WAN over OSPF, but the modem you want to route to would need to know a route back over VPN to the remote device you’re trying to access it from (so you’d need a static route on the modem to enable this) and the WAN would have to be in IP forwarding mode to allow the traffic back from the modem which isn’t really compatible with a topology that is using PPPoE.

The outbound policy method you’re already using is the only viable way to configure this I think.