01-26-2011 07:25 AM
I am trying to see if this will work. I would like to place a secondary IP address on the WAN router and place the WX in that network (inline mode) while maintaining the primary IP address to match up with the LAN segment. So, for examaple. Lets say at the location, the LAN segment is 10.0.0.0/24 and the WAN router is 10.0.0.1 on the LAN interface. I would like to add a secondary IP address to the WAN router with an IP of 192.168.0.1/30 and give the WX an IP of 192.168.0.2/30. The traffic flowing through the WX will still be on the 10.0.0.0/24 network. Will this work? Here is a diagram:
Primary - 10.0.0.1/24 192.168.0.2/30
Secondary - 192.168.0.1/30
01-26-2011 10:34 AM
This scenario will not work because CLIENTS on 10 network won't be able to resolve the gateway router's arp. WX does not work like a router. It assigns only one ip to both of it's interfaces and bridges them together. So a client on 10 network won't be able to ping neither WX nor wan router's ip if WX is in the middle (in-line) mode using a different ip subnet then 10 network.
May I ask what are trying to achieve with this kind of topology?
01-26-2011 10:44 AM
Thanks for the response. The problem is we are providing a managed service for this customer, but only certain IP ranges are accessible from our management network. The normal LAN segment's IP is not. For routers, we just apply a secondary IP with the managable network and it all works ok. Just curious, if the WX bridges the 2 interfaces together, won't it pass on ARP requests to the router on the normal range even if it's management IP isn't in that range? That was the way I was hoping it would work. Also because another site for this client has 3 IP ranges the clients are on which is handled by secondary Ip addresses for the router. That site looks like this currently:
IP 1) 10.0.0.1/24
IP 2) 10.0.1.1/24 (secondary on interface)
IP 3) 10.0.3.1/24 (secondary on interface
So a very similar situation.
01-26-2011 11:01 AM
I think I misunderstood the question..
When the client PC (10 network) will ARP for the default gateway, wx WILL pass the arp request to the router as passthrough. So yes, it will work.
So when the arp will be resolved, the WX will start putting the desired flows in the tunnel and it would reach the other WX on the other site. On the return path, the trafic sent by the other wx will reach back to the first wx and it will send it back to the router connected on its remote interface, which then will look into it's arp table and send it across wx to the clients. So there is going to be a lot of back and forth traffic going through the wx interfaces.
Here is how the flow coming back from the other wx to the clients in site 1 will look like;
wx (site 2) --> wan cloud (via tunnel) --> WX (site 1) --> wan RTR (site 1) --> back to WX (Site 1) --> clients.
If that is OK with you then yes it is going to work. That is actually how most managed service providers handle the networks.
01-26-2011 12:00 PM
Great, thanks for the help. I feel a little more comfortable knowing this is how other service providers also tend to handle this situation.
01-26-2011 12:08 PM
I hope you understood the catch with the direction of the flow clearly. You would see "extra" traffic on WX remote interface while decompressing the data.
Please mark this as "Accepted Solution" if it worked for you.