Same subnet routing

Shaun_Wisenburg · August 11, 2018, 4:41pm

Hi,

We have a client that currently uses a Cisco ASA 5510 in there HQ on a 192.168.1.0 /24 and we are moving them over to an HA configuration with 2 Balance 380’s with SpeedFusion for all of the branch locations. The master 380 is sitting on 192.168.1.6 with the slave on 192.168.1.7 and the virtual gateway is 192.168.1.8. How can i route traffic from the 380 to the Cisco ASA on the same subnet?

All help would be appriciated.

Shaun_Wisenburg · August 11, 2018, 4:44pm

This is only temporary for maybe 3 weeks before the 380’s take over.

sitloongs · August 12, 2018, 7:23pm

Just for your information, layer 2 traffics (Same network) doesn’t send via routing hence impossible to route the traffics.

Would you able share your network diagram here for us to better understand your problem ?

Shaun_Wisenburg · August 12, 2018, 7:45pm

I have uploaded the diagram, Active Directory controls DHCP on the native VLAN.

HQ - Network Diagram.pdf (328.4 KB)

WeiMing · August 12, 2018, 9:01pm

From the diagram, I believe the Balance 380 and Cisco ASA 5510 are sitting in the same level logically, where it creates 2 gateways per VLAN (subnet).

Do you mind to share more information about what you intend to achieve with this setup (believe to be temporary)?

Shaun_Wisenburg · August 12, 2018, 9:08pm

The customer has 10 branch offices but only 8 will connect to the 380’s and the other 2 will connect to the ASA until the other 2 sites are ready to change over. The 380 has dhcp disabled, isnt there a way i can send all data to the ASA from the 380? The customer has the main server on 192.168.1.20 that all sites send data to.

WeiMing · August 13, 2018, 2:44am

I believe the main server (192.168.1.20) default gateway is pointing to the Cisco ASA.

If this so, then in order for the main server communicates to the 8 branch offices (connected with SpeedFusion), you will need to add the static route for the 8 branch offices network(s) at the Cisco ASA point to Balance 380 VLAN 1-VIP as next hop. That should achieve the purpose.

Shaun_Wisenburg · August 13, 2018, 4:00am

So your saying to build a static route from the ASA to the 380? Or build a static route from the 380 to the ASA?

Shaun_Wisenburg · August 13, 2018, 7:44am

Also, does it matter if the Peplink is using the WAN’s DNS or the internal DNS server on 192.168.1.22?

MartinLangmaid · August 13, 2018, 9:00am

You need to add a static route on the ASA for the SpeedFusion connected remote peers so that it knows what the next hop is (the Balance 380 VIP).

The diagram isn’t clear as to where DHCP sits on this network. Assuming the DHCP server is on your Active Directory Server (Likely along with local DNS resolution), then the Peplink can use the WAN ISPs DNS servers.

Shaun_Wisenburg · August 13, 2018, 10:10am

Correct, the DHCP server is on the Active Directory along with local DNS resolution. Would I also need to set up a static route from the 380 pointing to the ASA on 192.168.1.1 for inbound from SpeedFusion?

Shaun_Wisenburg · August 16, 2018, 2:49pm

So, we finally had time today to try and create the static routes and so far we can ping every device on the Cisco if I’m PPTP into the Peplink, If I ping straight from the Peplink or Incontrol I can ping all the devices but not from the SpeedFusion tunnels from the other Peplink’s.

Shaun_Wisenburg · August 17, 2018, 9:28am

Can someone help point us in the right direction? Thanks in advance! @WeiMing @peplinkspecialist

sitloongs · August 19, 2018, 8:35pm

Can you further explain your issue ? How you perform the ping test ? From which device ping to which devices ? Can you explain this using the network diagram ?

Shaun_Wisenburg · August 20, 2018, 9:06am

So If I use Traceroute from inside the Peplink, System ------>Tools -----> Traceroute, I get:

traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets

1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * *10 * * *11 * * *12 * * *13 * * *14 * * *15 * * *16 * * *17 * * *18 * * *19 * * *20 * * *21 * * *22 * * *23 * * *24 * * *25 * * *26 * * *27 * * *28 * * *29 * * *30 * * *

Seems like it doesn’t see it, but now If I remote into the same Peplink using PPTP or L2TP with IPsec I get this:

Tracing route to 192.168.1.1 over a maximum of 30 hops

1 54 ms 63 ms 53 ms rmr—pine-brook-hq—2 [192.168.1.8]
2 68 ms 56 ms 58 ms 192.168.1.1

That just seems a little strange to me, like maybe its an issue on our side. Maybe a firewall setting?

sitloongs · August 20, 2018, 6:59pm

@Shaun_Wisenburg,

Would you please contact Peplink local partner for assistance ?
https://www.peplink.com/peplink-certified-partners/

The tracert/traceroute results won’t give you result if you using the wrong interface/destination.

Shaun_Wisenburg · August 23, 2018, 11:16am

Thanks everyone for your help, we ended up using a layer 3 switch on the customers network as the gateway and was able to enter the required static routes. Every thing is working great.