
Allowing Internet Access For Non-Local Box Network

internet NAT Routing


#1 Andrew Alford

  • Members
  • 4 posts

Posted 08 August 2012 - 07:27 AM

We've just launched a new MPLS network and have added our first remote site on to the network. This remote site will rely on us (the hub site) for internet connectivity that will pass through the MPLS. While our two networks can talk just fine, the remote site is unable to access the internet as expected. A tracert shows that the traffic routes to and stops at our NG firewall. I can confirm the denied access request by reviewing the firewall history. The error message I see is "Reverse Routing Mismatch".

When I saw this, I assumed that a route was needed for traffic to flow back to the remote site, so I attempted to put a rule in the main routing table that would effectively redirect traffic bound for that network back through the MPLS router from which it came in. Adding this rule did not relieve the error message displayed above. My LAN-2-LAN traffic seems to flow just fine.

Any suggestions?

#2 Bernhard Patsch

  • Barracuda Team Members
  • 119 posts

Posted 08 August 2012 - 10:18 AM

This usually happens if the NG box does not know how to get back to the remote site. I assume your network configuration looks similar to the diagram below, right?

Internet --- Provider's router --- NG Firewall --- internal network (e.g. 172.16.0.0/16)
|
MPLS router --- remote network (e.g. 172.17.1.0/24)

Have you added a route to the remote network in the NG network configuration?
I.e. 172.17.1.0/24 can be reached by using the MPLS router (e.g. 172.16.0.1) as gateway/next hop.

#3 Bernhard Patsch

  • Barracuda Team Members
  • 119 posts

Posted 08 August 2012 - 10:19 AM

Sorry, the editor messed up the network diagram above.
The MPLS router should be connected to the internal network, not to the internet...

#4 Andrew Alford

  • Members
  • 4 posts

Posted 08 August 2012 - 10:53 AM

Here's our configuration in order from Internet back to remote site:

Internet->Ext. Router->Firewall (192.168.2.3)->Switch->MPLS Router (192.168.2.1)->MPLS CLOUD->MPLS Remote Router (192.168.0.1)->192.168.0.0/24 network

Yes - I entered a route just like you described (at least I believe I did it correctly). I entered the following into the "Main Routing" section as a gateway:

Target Address: 192.168.0.0/24 Gateway: 192.168.2.1 (also added network to trusted networks option)

I did not specify source or metric. Does this look incorrect?

#5 Andrew Alford

  • Members
  • 4 posts

Posted 09 August 2012 - 07:08 AM

Going back to this - it was my fault - I failed to go to the box control and activate network changes in order for the route to become active. This resolved my issue.
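
The failure and the fix from this thread, as an added example that is not part of any post and is not Barracuda's code: a toy firewall that keeps saved and active routes separately and applies a strict reverse-path check on ingress. It assumes the "Reverse Routing Mismatch" check behaves as described in post #2 (no usable route back to the source); the interface names `lan0`/`wan0`, the default gateway 203.0.113.1 and the host 192.168.0.10 are constructed.

```python
import ipaddress

class Firewall:
    """Toy model: staged vs. active routes plus a strict reverse-path check."""

    def __init__(self, routes):
        # Route = (destination network, next hop or None if attached, interface)
        self.active = [(ipaddress.ip_network(n), gw, i) for n, gw, i in routes]
        self.staged = list(self.active)

    def add_route(self, net, gateway, iface):
        # Saved to the configuration only; forwarding still uses self.active.
        self.staged.append((ipaddress.ip_network(net), gateway, iface))

    def activate(self):
        # Models the "activate network changes" step from the last post.
        self.active = list(self.staged)

    def lookup(self, addr):
        # Longest-prefix match over the active table.
        ip = ipaddress.ip_address(addr)
        matches = [r for r in self.active if ip in r[0]]
        return max(matches, key=lambda r: r[0].prefixlen) if matches else None

    def check_ingress(self, src, in_iface):
        # The route back to src must leave through the interface it arrived on.
        route = self.lookup(src)
        if route is None or route[2] != in_iface:
            return "Reverse Routing Mismatch"
        return "allowed"

def demo():
    # lan0/wan0 and 203.0.113.1 are constructed; other addresses are from post #4.
    fw = Firewall([("192.168.2.0/24", None, "lan0"),
                   ("0.0.0.0/0", "203.0.113.1", "wan0")])
    remote_host = "192.168.0.10"  # constructed host in the remote site's /24
    results = [fw.check_ingress(remote_host, "lan0")]      # no route back yet
    fw.add_route("192.168.0.0/24", "192.168.2.1", "lan0")
    results.append(fw.check_ingress(remote_host, "lan0"))  # route saved, not active
    fw.activate()
    results.append(fw.check_ingress(remote_host, "lan0"))  # route active
    return results

if __name__ == "__main__":
    print(demo())
```

Before activation the source 192.168.0.10 only matches the default route out `wan0`, so a packet arriving on `lan0` fails the check even though the correct route is already saved.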