One Network to Another - Not reachable

Anthony · February 9, 2014, 5:30pm

Hi guys

Problems:

Production network (10.1.1.0/28) cannot reach Office network (10.2.2.0/28)
Office network (10.2.2.0 /28) cannot reach Production network (10.1.1.0 /28).

However both networks are accessible from external networks behind ISPs.

What am I missing??
Anyone able to shed some light here?

-Anton

FrontierComputerCorp · February 9, 2014, 9:48pm

Hello Anthony,

when you say that both networks are accessible from external networks behind the ISP -
are these connected via VPN ?
are there any speedfusion VPN’s ?
are these on a private line such as MPLS ?
are there any static routes in the balances ?
are there routes in the ISP routers for those networks?

behind the balances in Drop-In Mode, im assuming there is a firewall in place ? - Just trying to get some ideas going

Anthony · February 10, 2014, 9:43am

When I mentioned accessible from external networks, means both production & office networks can be reach from Internet via the ISP routers.
Sorry for the confusion.
The IP address 10.1.1.0/28 & 10.2.2.0/28 are for illustration purpose. Real life deployment, all devices are using public IPs.

The setup is very simple.
There’s no VPN, no Speedfusion VPN, no MPLS.
There’s no static routes in the balancers.
Routers only contains default route to Internet.
Yes there are 1 firewall behind the balancer respectively.

Jonan_Santiago · February 10, 2014, 12:11pm

Hi Anthony,

One thing I am wondering is why are the same WAN IPs reused across both Peplink units ( 10.1.1.3 and 10.2.2.3 ) . This would not work or is it a mistake in diagram ?

The most reliable solution here is to add routes on each ISP router for the other network. That way no matter which WAN (4 or 5) packets exit the other network can be reached.

If not possible then you could set an outbound policy for the remote network on each side. For example on Production Peplink set an outbound policy matching 10.2.2.0/28 and forcing it out WAN4.

-Jonan

Anthony · February 10, 2014, 12:48pm

My bad. Mistake on the Diagram. See below revised.

I’ve tried your suggested - Setting an outbound policy matching destination subnet enforced out WAN 4. Doesn’t works.

Qns: Is there anyway I can tell the balancer what IP address(es) is on the outside the WAN rather than behind the LAN?
I’m looking at the Drop-In mode WAN port > Additional Public IP Settings (Whether my solution lies here or not?)

Jonan_Santiago · February 10, 2014, 5:25pm

No that setting will not solve this. Thats for binding more IPs to the WAN interface.

The outbound policy should work. Did you add a similar policy on other Peplink so packets can make it back ?

If it still does not work you can open a ticket and submit your configuration so we can take a closer look.

Another option is to setup a SpeedFusion VPN tunnel between both units.

-Jonan

Anthony · February 10, 2014, 8:03pm

I’m going to try out on the SpeedFusion option.
Stay tune on the outcome.

Anthony · March 27, 2014, 2:30pm

Hi all

Just to put this thread to a closure.
The problem was resolved after upgrading my LB580 firmware to ver 6.1.0 build 2863 recommended by the support team.

Rgds
Anton

Jarid_Petermann · March 28, 2014, 1:04am

Hello,

Sounds good Anthony and appreciate the update As always, should you have any future questions/inquiries, don’t hesitate to ask.