Multiple Site MPLS no VPN Layer 2

I have turned on IP forwarding on the WAN at site B.
WAN2 on the Site A router is set to NAT.
We are using OSPF to advertise the routes.

Still no joy.
Not sure what we are missing.

OK, so what you should have is this:

Site A (Hub)
WAN1 172.16.5.3/29 (IP Forwarding)
WAN2 98.101.31.x (NAT)
LAN 10.1.1.1/24

Site B (Spoke)
WAN1 172.16.5.2/29 (IP Forwarding)
LAN 10.2.1.1/24

Site C (Spoke)
WAN1 172.16.5.1/29 (IP Forwarding)
LAN 10.3.1.1/24

And with this configuration:

  1. Site A should be able to ping 10.2.1.1 and 10.3.1.1 from the Web UI of the Balance. It can do this because you have set up OSPF so that Site A knows the next hop to get to Site B is 172.16.5.2 and Site C is 172.16.5.1. We use IP forwarding on the WAN1 connections on all devices so that NAT does not mess with site-to-site traffic over the secure flat MPLS network.

  2. LAN devices at Site A should have internet access. This is because you have set up an outbound policy to send traffic from Any to Any via WAN2. In theory Site A should have learnt that the routes for Site B and C are via WAN1. If not, to be extra certain, you could always add two outbound policies above the Any to Any rule that is doing internet access. Those two rules would both send traffic via WAN1 for both 10.2.1.0/24 and 10.3.1.0/24 networks.

  3. Sites B & C should have internet access. When a client tries to access the internet, the Balance routers will forward all traffic to the Balance at Site A, which sends it out via WAN2, and because it is stateful it will remember the route back to the remote sites as well.

If none of that works, screenshot everything and post it here and we’ll work it out.

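The rule ordering from point 2 of the reply above, as an added example that is not part of the original posts and is not Peplink configuration syntax. It assumes outbound policy rules are evaluated top-down with the first match winning and that the policy table alone picks the egress WAN (the case where the spoke routes were not learnt); the table layout and function names are hypothetical.

```python
import ipaddress

# Constructed model of Site A's outbound policy table (not router syntax).
# Assumption: rules are checked top-down and the first match wins.
WAN1_MPLS = "WAN1 (IP forwarding, MPLS)"
WAN2_INET = "WAN2 (NAT, internet)"
SPOKE_LANS = ["10.2.1.0/24", "10.3.1.0/24"]  # Site B and Site C LANs

def rule(dst, wan):
    return (ipaddress.ip_network(dst), wan)

# Only the Any-to-Any internet rule.
POLICY_INTERNET_ONLY = [rule("0.0.0.0/0", WAN2_INET)]

# Spoke rules added, but below Any-to-Any, so they are never reached.
POLICY_SHADOWED = [
    rule("0.0.0.0/0", WAN2_INET),
    rule("10.2.1.0/24", WAN1_MPLS),
    rule("10.3.1.0/24", WAN1_MPLS),
]

# Spoke rules placed above Any-to-Any, as the reply suggests.
POLICY_WITH_SPOKES = [
    rule("10.2.1.0/24", WAN1_MPLS),
    rule("10.3.1.0/24", WAN1_MPLS),
    rule("0.0.0.0/0", WAN2_INET),
]

def select_wan(policy, dst_ip):
    """Return the WAN chosen by the first rule whose destination matches."""
    addr = ipaddress.ip_address(dst_ip)
    for network, wan in policy:
        if addr in network:
            return wan
    return None

def misrouted_private(policy, lans=SPOKE_LANS):
    """List spoke LAN prefixes the policy would send out the NAT WAN."""
    leaks = []
    for lan in lans:
        first_host = ipaddress.ip_network(lan).network_address + 1
        if select_wan(policy, str(first_host)) == WAN2_INET:
            leaks.append(lan)
    return leaks

if __name__ == "__main__":
    for name, pol in [("internet only", POLICY_INTERNET_ONLY),
                      ("spoke rules below any-any", POLICY_SHADOWED),
                      ("spoke rules above any-any", POLICY_WITH_SPOKES)]:
        print(name, "->", misrouted_private(pol) or "no spoke traffic on WAN2")
```

Any prefix reported by `misrouted_private` is site-to-site traffic that would be NATed out the internet WAN instead of crossing the MPLS link.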