Hello all,
I need of some support. New client, has 3 sites on MPLS layer 2 network (ELAN). Site A is the main office with an Internet connection that needs to be shared with the other two sites. Attached is a quick drawing of what we are dealing with. Need help on routing and if this can be done with these Peplink routers.
Thank you very much!
Currently we are testing two of the sites, Site A and B. From both router using the Ping tool on the routers we can ping the WAN interfaces. Cannot ping the LAN interfaces on the routers. Do we need outbound policies or firewall access rules to be able to see each routers LAN networks?
Whats the desired end goal here? Will you be adding additional WAN links to the balance routers?
Perhaps internet links to increase site to site bandwidth or so that internet access breaks out locally rather than going via Site A?
If you have the balance routers set up like this above and just want routing to work as is without additional bandwidth between sites then it sounds like you just need to set WAN one on all devices into IP forwarding mode then add static routes on each balance for each of the remote balance routers and you’re done.
Thank you for the reply.
We are not planning on adding any additional WAN link. We just need it to work they way it’s currently setup. So you’re saying to set the WAN1 links to IP forwarding instead on NAT? Is that on all the routers?
As for the static routes. Where do we set those at, Outbound policies or firewall access rules?
Thanks,
Shawn
Actually I’m wrong - apologies.
With the balance routers in that configuration you have two options.
Option 1 use a routing protocol on the MPLS connected WANs so that each balance knows how ro route to the LANs of the other balance routers. In this approach you would use IP forwarding on the WAN then configure OSPF or BGP to advertise the routes to the other balance routers.
Option 2 use pepvpn to tunnel over the MPLS network from site B & C back to Site A, the WANs can stay in NAT mode. This way you can add internet connectivity later if you want to increase bandwidth / resilience. The balance 20 is limited to 30MBps of (encrypted) VPN throughput (60Mbps unencrypted).
Either would work. Option 1 will let you use max throughput of 150Mbps over the WAN, Option 2 lets you add resilience and failover to 4G (via dongles on SIte B and C).
Martin,
Thank you for the information. I was able to ping from site B to site A after setting up OSPF on both routers. I haven’t had a chance yet to test from site C.
One thing that I was not able to do is access the Internet from site B. The only Internet connection is at site A which needs to be shared for all three sites. Any sugestions there?
Thank you
We are back working on this site again. We can get the OSPF working though we are not able to access the Internet from site B or C. Any suggestions?
Do you have the WAN IP of Site A set as the gateway IP on the WANs of sites B and C?
I do have the gateway on the WAN interface for site B and C set to the IP address of the WAN from site A.
From site B I can ping 10.1.1.1 which is the LAN 1 port on the router at site A. I can do that from the site B router and a PC on the LAN at site B.
I can also ping a server at site A from the site B router. I cannot ping that same server from the PC on the site B LAN.
Hello Martin,
After flashing the routers back to factory default and setting up OSPF again, we were able to get things to work.
The only issue we have now is access to the Internet from site B and C. The internet connection is at site A. We noticed we are able to ping to the internet, for example we can ping 8.8.8.8 from site B, though we cannot get to google.com.
what dns settings are the LAN devices getting? Did you set public DNS servers in the WAN settings page?
eg
Hello Martin,
We are now back on this project. The offices were closed for a while do to COVID-19.
We do have the DNS set at site B router to 8.8.8.8 and 8.8.4.4 on both the LAN and WAN interfaces. All devices at site B can ping by IP but not by name.
Thoughts?
If you use the ping tool on the router on site B, select the wan, can you ping a website by name and IP?
What IP is set as the gateway on the MPLS WAN at Site B and C is it Site A WAN.
What outbound policies do you have on site A router?
We’ll get back to you later today once we are back onsite we can only work on this after hours.
Hello Martin,
We were finally able to get back onsite today, office has been closed.
Using the ping tool on the router from site B we can only ping by the IP address not by the name.
The gateway on the MPLS for site B and C is the site A WAN IP address.
Currently we dont have any outbound policies on the site A router.
On the balance 30 at site A add an outbound policy that is any to any priority and the WAN2 internet link as highest priority.
Thank you for getting back to me so quickly.
Here is what we added to the site A router. Still not able to access a website or ping by name. Can still ping by IP address.
That should work. outbound traffic from site B and C should come in via WAN1 (IP forwarding) on SiteA and then back out again on WAN2 (NAT)
Screengrab WAN 1 settings on Site A Balance router please.
So WAN1 on site B and C router should be set to IP Forwarding?
Screenshot of WAN1 site A router.
Yes as per earlier but just for MPLS circuits: The Internet access at site A should be NAT.
