This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to selectively route traffic through 2 X WAN

I have 2 WAN interfaces, WAN1 and WAN2 and just one internal LAN. I am using an ASG120 (with 512MB RAM) with the 7.101 firmware.

I have done the following:
a) Created masquerading rules for WAN1 and WAN2.

b) Created DNAT rules to forward the necessary ports

c) Created the necessary packet filter rules

d) Create the necessary policy routes

However the DNATted services only work with the WAN line that has been assigned as the default gateway. Services DNAtted over the WAN line that is not the default gateway will not work.
I have however confirmed through packet filtering logs that whenever I try to establish connection to the non default WAN line, the packet filter did allow it to through.
I have also tried the setup shown at

https://community.sophos.com/products/unified-threat-management/astaroorg/f/54/t/38639

but I still cannot get it to work.

I have verified that the gateway for WAN2 is correct through a traceroute and as it is a fact that WAN2 works without problems when set as the default gateway (this is when WAN1 wont work).
Please help.

This thread was automatically locked due to age.

0 Flancer over 17 years ago
I've tinkered around with it a bit and I noticed a bug in the ASG 120.

Somehow it had tied the WAN2 gateway to the wrong interface earlier.
Through the console login I manually deleted that route.

Now by setting up the policy routing as per the following:

Route Type:                       Gateway Route
Source Interface:                 Any
Source Network:                   Your WAN #2 IP
Service:                          Any
Destination:                      Any
Gateway:                          Your WAN #2 Gateway

I am able to SSL VPN to the unit over the WAN#2 IP and even ping the WAN2 IP.

However, it seems I am still unable to DNAT over the WAN#2 IP.

What else am I missing? I have checked the packet filter logs and they do not show any problems. For example I want to DNAT service port 20000 to WAN#2 IP to 192.168.0.44. Through the packet filter logs, it shows that the traffic is successfully passed to 192.168.0.44.

Again DNAT seems to work only if I DNAT through WAN#1.
Cancel
Vote Up 0 Vote Down

Cancel

0 Flancer over 17 years ago in reply to Flancer

Alright I got a bit further by creating the following POLICY ROUTE:


Route Type:                       Gateway Route

Source Interface:                 Any

Source Network:                   192.168.0.44

Service:                          Any

Destination:                      Any

Gateway:                          Your WAN #2 Gateway

Through this I was able to DNAT any service to 192.168.0.44 over WAN #2.

However, this is currently not acceptable as I only need to DNAT a few services over WAN #2 and the rest over WAN #1.

For example, if I want to DNAT the PPTP service to WAN#2 only and the HTTP service to WAN#1. How should I do it?

I have tried the following settings for PPTP


Route Type:                       Gateway Route

Source Interface:                 Any

Source Network:                   192.168.0.44

Service:                          PPTP

Destination:                      Any

Gateway:                          Your WAN #2 Gateway


Route Type:                       Gateway Route

Source Interface:                 Any

Source Network:                   192.168.0.44

Service:                          GRE

Destination:                      Any

Gateway:                          Your WAN #2 Gateway

but it does not work.