Multiple Site MPLS no VPN Layer 2

Hello all,
I am in need of some support. New client has 3 sites on an MPLS layer 2 network (ELAN). Site A is the main office with an Internet connection that needs to be shared with the other two sites. Attached is a quick drawing of what we are dealing with. Need help on routing and if this can be done with these Peplink routers.

Thank you very much!

Currently we are testing two of the sites, Site A and B. From both routers, using the Ping tool on the routers, we can ping the WAN interfaces. Cannot ping the LAN interfaces on the routers. Do we need outbound policies or firewall access rules to be able to see each router's LAN networks?

What's the desired end goal here? Will you be adding additional WAN links to the balance routers?
Perhaps internet links to increase site to site bandwidth or so that internet access breaks out locally rather than going via Site A?

If you have the balance routers set up like this above and just want routing to work as is without additional bandwidth between sites then it sounds like you just need to set WAN one on all devices into IP forwarding mode then add static routes on each balance for each of the remote balance routers and you’re done.

1 Like

Thank you for the reply.
We are not planning on adding any additional WAN link. We just need it to work the way it’s currently set up. So you’re saying to set the WAN1 links to IP forwarding instead of NAT? Is that on all the routers?
As for the static routes. Where do we set those at, Outbound policies or firewall access rules?

Thanks,
Shawn

Actually I’m wrong - apologies.

With the balance routers in that configuration you have two options.

Option 1: use a routing protocol on the MPLS connected WANs so that each balance knows how to route to the LANs of the other balance routers. In this approach you would use IP forwarding on the WAN then configure OSPF or BGP to advertise the routes to the other balance routers.

Option 2: use PepVPN to tunnel over the MPLS network from site B & C back to Site A, the WANs can stay in NAT mode. This way you can add internet connectivity later if you want to increase bandwidth / resilience. The balance 20 is limited to 30MBps of (encrypted) VPN throughput (60Mbps unencrypted).

Either would work. Option 1 will let you use max throughput of 150Mbps over the WAN, Option 2 lets you add resilience and failover to 4G (via dongles on Site B and C).

2 Likes

Martin,
Thank you for the information. I was able to ping from site B to site A after setting up OSPF on both routers. I haven’t had a chance yet to test from site C.

One thing that I was not able to do is access the Internet from site B. The only Internet connection is at site A which needs to be shared for all three sites. Any suggestions there?

Thank you