Firewall Troubleshooting 1: Routing issue
Hi, this is Trevor.Shi. I work in IT support in Toronto.
My company has 4 branches in different locations: A, B, C, and D.
My company has now implemented a new firewall in branch D as a VPN connection point and gateway. The initial config was set up by the vendor.
We got a report from a client saying they couldn't connect to their office PC, so we started troubleshooting the issue and ran some network connection tests.
Network:
We have 3 branches, B, C, and D, and 1 head office, A.
Branch A IP: 192.168.50.0/24
Branch B IP: 192.168.52.0/24
Branch C IP: 192.168.54.0/24
Branch D IP: 192.168.56.0/24
The Branch D firewall uses a S2S VPN to connect to head office A.
Branch B and Branch C use MPLS to connect to head office A.
Diagram:
Test result:
A can reach B, C, and D.
B and C can reach each other.
D can reach A, but D cannot reach B and C.
The VPN users can reach D and A, but cannot reach B and C.
Troubleshooting:
We checked the firewall routing config and found two static routes:
192.168.50.0/24 to Branch A gateway
Any to Internet
From these two routing records, we can tell that traffic from D/VPN to A (192.168.50.0/24) is routed to the Branch A gateway; otherwise the traffic is routed to the internet or dropped.
Traffic from D to C and B is dropped by Firewall D because Firewall D cannot find a routing record for it.
So we believed it was a routing issue in the Branch D firewall.
Solution:
Since all of the internal networks are in the 192.168.x.x range, we modified the tunnel to route all traffic for the 192.168.0.0/16 subnet across it. That fixed the issue.
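As an added example (not from the original post or the vendor's config), the following Python models the Branch D firewall's routing table before and after the fix using longest-prefix match, which is why the /16 summary route picks up B and C without breaking D's own LAN. The next-hop names and the directly connected route for D's LAN are assumptions; the subnets are the ones from the post.

```python
import ipaddress

# Branch subnets from the post.
BRANCH_A = "192.168.50.0/24"
BRANCH_B = "192.168.52.0/24"
BRANCH_C = "192.168.54.0/24"
BRANCH_D = "192.168.56.0/24"

# Branch D firewall before the fix (from the post): only A is routed into the S2S tunnel,
# everything else follows the default route. The connected route for D's own LAN is an
# assumption; next-hop names are labels, not real interface names.
ROUTES_BEFORE = [
    (BRANCH_D, "lan-D"),            # assumed directly connected route
    (BRANCH_A, "tunnel-to-A"),      # static route from the post
    ("0.0.0.0/0", "internet"),      # "Any to Internet" from the post
]

# After the fix: one summary route for 192.168.0.0/16 via the tunnel. The more specific
# /24 for D's LAN still wins for local traffic because of longest-prefix match.
ROUTES_AFTER = [
    (BRANCH_D, "lan-D"),
    ("192.168.0.0/16", "tunnel-to-A"),
    ("0.0.0.0/0", "internet"),
]


def lookup(routes, dst_ip):
    """Return the next hop for dst_ip by longest-prefix match, or None if no route matches."""
    dst = ipaddress.ip_address(dst_ip)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def route_table_report(routes):
    """Next hop for one constructed sample host in each branch, for a before/after comparison."""
    samples = {"A": "192.168.50.10", "B": "192.168.52.10",
               "C": "192.168.54.10", "D": "192.168.56.10"}
    return {branch: lookup(routes, ip) for branch, ip in samples.items()}


if __name__ == "__main__":
    # Before: B and C fall to the default route (sent to the internet or dropped, as the post says).
    print("before:", route_table_report(ROUTES_BEFORE))
    # After: B and C are carried across the tunnel; D stays local; public IPs still go out.
    print("after: ", route_table_report(ROUTES_AFTER))
```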