This discussion has been locked.

Policy route not being applied

Hi

I have two Sophos XGs connected through an MPLS. I want them to route the traffic via a policy route because I want to configure the failover VPN to connect both sides.

The schema is simple.

On Site ONE I have:

* my local network: 192.168.2.0/24

* an XG with an MPLS zone, an interface (PORT3) in that zone and a manually created gateway

* Policy route to make the traffic to Site TWO network go through that manually created gateway.

On Site TWO I have the same:

* my local network: 192.168.3.0/24

* an XG with an MPLS zone, an interface (PORT 3) in that zone and a manually created gateway

* Policy route to make the traffic to Site ONE network go through that manually created gateway.

 

I have installed a web service on Site ONE on IP 192.168.2.10

When trying to connect from Site TWO to the web service it doesn't show the web page, and when I inspect the traffic, the policy route is being applied on Site TWO, which is the origin of the traffic... the host on Site ONE gets the traffic and sends the ack... but when Sophos on Site ONE gets the response it doesn't route the packet with the policy. It sends it through WAN...

See below a tcpdump on the XG on Site ONE. It gets the packets from PORT 3, which is the MPLS... and sends them back through PORT 2, which is the WAN interface... even though there is a healthy policy route on it.

 

SFVUNL_SO01_SFOS 17.5.3 MR-3# tcpdump host 192.168.3.10
tcpdump: Starting Packet Dump
12:04:59.530329 Port3, IN: IP 192.168.3.10.35186 > 192.168.2.10.www: Flags [S], seq 2039753055, win 29200, options [mss 1460,sackOK,TS val 37778129 ecr 0,nop,wscale 7], length 0
12:04:59.532005 Port1, OUT: IP 192.168.3.10.35186 > 192.168.2.10.www: Flags [S], seq 2039753055, win 29200, options [mss 1460,sackOK,TS val 37778129 ecr 0,nop,wscale 7], length 0
12:04:59.532199 Port1, IN: IP 192.168.2.10.www > 192.168.3.10.35186: Flags [S.], seq 2930162547, ack 2039753056, win 28960, options [mss 1460,sackOK,TS val 20118367 ecr 37778129,nop,wscale 7], length 0
12:04:59.533321 Port2, OUT: IP 192.168.2.10.www > 192.168.3.10.35186: Flags [S.], seq 2930162547, ack 2039753056, win 28960, options [mss 1460,sackOK,TS val 20118367 ecr 37778129,nop,wscale 7], length 0

 

 

Testing the other way... if I ping Site TWO from Site ONE I get the same issue.

 


SFVUNL_SO01_SFOS 17.5.3 MR-3# tcpdump 192.168.2.10
tcpdump: syntax error
SFVUNL_SO01_SFOS 17.5.3 MR-3# tcpdump host 192.168.2.10
tcpdump: Starting Packet Dump
12:11:18.086534 Port3, IN: IP 192.168.2.10 > 192.168.3.10: ICMP echo request, id 11472, seq 1, length 64
12:11:18.086966 Port1, OUT: IP 192.168.2.10 > 192.168.3.10: ICMP echo request, id 11472, seq 1, length 64
12:11:18.087210 Port1, IN: IP 192.168.3.10 > 192.168.2.10: ICMP echo reply, id 11472, seq 1, length 64
12:11:18.087259 Port2, OUT: IP 192.168.3.10 > 192.168.2.10: ICMP echo reply, id 11472, seq 1, length 64

 

What can be the issue here... why is the policy route not routing back the packets?

Please, any advice.
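Added example, not part of the original post and not Sophos code: a small Python check that reads capture lines in the "PortN, IN/OUT:" format shown above and reports every flow whose replies leave on a different interface than the requests arrived on, which is the symptom described (in on Port3, reply out on Port2). The sample is the post's first capture with the TCP window and option fields trimmed; the function and variable names are hypothetical.

```python
import re

# First capture from the post (Site ONE XG); TCP window/options fields trimmed.
CAPTURE = """\
tcpdump: Starting Packet Dump
12:04:59.530329 Port3, IN: IP 192.168.3.10.35186 > 192.168.2.10.www: Flags [S], seq 2039753055, length 0
12:04:59.532005 Port1, OUT: IP 192.168.3.10.35186 > 192.168.2.10.www: Flags [S], seq 2039753055, length 0
12:04:59.532199 Port1, IN: IP 192.168.2.10.www > 192.168.3.10.35186: Flags [S.], seq 2930162547, ack 2039753056, length 0
12:04:59.533321 Port2, OUT: IP 192.168.2.10.www > 192.168.3.10.35186: Flags [S.], seq 2930162547, ack 2039753056, length 0
"""

# The console tcpdump output above prefixes each packet with "<interface>, IN|OUT:".
LINE = re.compile(
    r"^\S+ (?P<ifc>\S+), (?P<dir>IN|OUT): IP (?P<src>\S+) > (?P<dst>[^:\s]+):"
)


def find_asymmetric_flows(capture):
    """Return (initiator, responder, ingress_ifc, reply_egress_ifc) tuples for
    flows whose replies leave on a different interface than requests arrived on."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, prompt or error lines
        src, dst = m["src"], m["dst"]
        # Both directions of a conversation share one unordered endpoint key;
        # the first packet seen decides which endpoint is the initiator.
        flow = flows.setdefault(
            frozenset((src, dst)),
            {"initiator": src, "responder": dst, "ingress": set(), "reply_out": set()},
        )
        if src == flow["initiator"] and m["dir"] == "IN":
            flow["ingress"].add(m["ifc"])
        elif src == flow["responder"] and m["dir"] == "OUT":
            flow["reply_out"].add(m["ifc"])
    findings = []
    for f in flows.values():
        for ingress in sorted(f["ingress"]):
            for egress in sorted(f["reply_out"] - {ingress}):
                findings.append((f["initiator"], f["responder"], ingress, egress))
    return findings


if __name__ == "__main__":
    for init, resp, ingress, egress in find_asymmetric_flows(CAPTURE):
        print(f"{init} -> {resp}: arrived on {ingress}, reply left on {egress}")
```

Running the same check on a capture taken after a routing change shows whether the reply path now matches the ingress interface; an empty result means every reply left the way the request came in.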

 

 

 

 

 

 

 

   

           


