Visitor
Posts: 1
Registered: ‎09-06-2012
0 Kudos

Routing Assistance Needed

I have a wide area network where multiple sites (5 to be exact) are connected via VPLS...

I've been tasked with splitting up networks at each site into 2 separate subnets to isolate networks (let's say Business & POS).

The existing routing has been working flawlessly but when I'm attempting to route to the new subnet at any particular location, I am having no joy.

For Example...
Site 1

LAN1 - 192.168.20.x
LAN2 - 192.168.10.x [new subnet]
Bridging LAN - 192.168.40.1

Site 2
LAN1 - 192.168.21.x
LAN2 - 192.168.11.x [new subnet]
Bridging LAN - 192.168.40.2

Routing table
Site 1

192.168.21.x/24 192.168.40.2 [existing route - working]
192.168.11.x/24 192.168.40.2 [new route that's not working]

Site 2
192.168.20.x/24 192.168.40.1 [existing route - working]
192.168.10.x/24 192.168.40.1 [new route that's not working]

Also note that if I'm on the new subnet I can route to the original subnets via the routing (meaning if I'm on 192.168.10.x I can get to 192.168.21.x).

Distinguished Expert
Posts: 4,762
Registered: ‎03-30-2009
0 Kudos

Re: Routing Assistance Needed

Where is the gateway for the new subnet you create at each site and how does that gateway see your existing link on the 192.168.40 subnet?

 

And after you configure the static route for access, is the route actually active and visible in the routing table via the operational commands?

show route

 

Since you have a number of sites, you may also want to consider setting up OSPF for route distribution on a more automated basis.

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home
Super Contributor
Posts: 162
Registered: ‎07-18-2012
0 Kudos

Re: Routing Assistance Needed

Hi Folks,

I hope you do have something like below,

192.168.21.x

   +-------+                                                 +-------+
   |       |                                                 |       | 192.168.20.x
   |       |                                                 |       |
   +---+---+                                                 +---+---+
       |                              192.168.40.1               |
       |             +----------+         +-----------+          |
       |             |          |         |           |          |
       +-------------+          |         |           +----------+
                     |   SITE 1 +---------+  SITE 2   |
       +-------------+          |         |           +----------+
       |             |          |         |           |          |
       |             +----------+         +-----------+          |
       |                  192.168.40.2
   +---+---+                                                 +---+---+
   |       |                                                 |       |
   |       |                                                 |       | 192.168.10.x
   +-------+                                                 +-------+
  192.168.11.x

I would please check reachability to the remote LAN with source as 192.168.40.1/2 respectively.

Configure a firewall filter to confirm the packets are going out.

Check the routing/forwarding table for the right entries.

-Python
#Please mark my solution as accepted if it helped, Kudos are appreciated as well.
Visitor
Posts: 1
Registered: ‎03-27-2017
0 Kudos

Re: Routing Assistance Needed

So your diagram is exactly what I'm doing. The Juniper SSG devices are functioning as the routers.

 

Trust interfaces

192.168.21.x & 192.168.11.x  - Site 1

192.168.20.x & 192.168.10.x - Site 2

 

Untrust interfaces

192.168.40.2 - Site 1

192.168.40.1 - Site 2

 

If I try to ping from the 40.1 interface I can get to 20.x (existing route set up a few years ago), but I cannot get to 10.x (new route set up yesterday).

 

 

Distinguished Expert
Posts: 4,762
Registered: ‎03-30-2009
0 Kudos

Re: Routing Assistance Needed

What interface is the gateway for your new subnets?

 

Are the routes active in the table?

get route

 

What zone are the new interfaces assigned to?

Is there a policy for this zone to permit the traffic?

Steve Puluka BSEET
Juniper Ambassador
Senior IP Engineer - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
JNCIA-Junos JNCIS-SEC JNCIP-SEC JNCSP-SEC
JNCIS-FWV
JNCDA JNCDS-DC JNCDS-SEC
JNCIS-SP
ACE PanOS 6 ACE PanOS 7
http://puluka.com/home