We have a problem with our new WAN connection - cannot get the old one and the new one routed properly. We had the following setup before:
WAN1 - DMZ - LAN
WAN1 is routed behind a "transfer network" - x.x.y.32/30 to x.x.z.176/28 - so the default gw was x.x.y.34 and the gw for that .33
Most public services are DNATed from WAN1 to DMZ, LAN is masqed on WAN1 gw, SSL VPN is on WAN1 gw, etc
Now that there is this new connection, WAN2, we're having a lot of problems with routing. We got the WAN2 working as default gw, but then the services on WAN1 are in trouble.
Okay, found a policy route suggestion from KB (# 236926), but that helps only on external addresses, not on gw. Neither does the LAN to DMZ traffic work. So I can get either LAN to DMZ or internet to WAN1 but not both at the same time.
Anyone with a concept on this one?
UPDATE: my policy route seems to do the thing, although it somehow took quite a long time to begin to work.
First I made the DMZ gw route as suggested in the KB:
Route Type: Gateway Route
Source Interface: DMZ
Source Network: DMZ (Network)
Service: Any
Destination: Any
Gateway: WAN1_Gateway
(Here the WAN1_gateway is the real gw, not the default gw of the box, see above)
Then I made a new exception route above the DMZ gw route:
Route Type: Interface Route
Source Interface: DMZ
Source Network: DMZ (Network)
Service: Any
Destination: Internal (Network)
Target: Internal
Does this seem sound? I still can't connect to the old default gw of the box from outside, but that only affects the SSL VPN, so we can live with it.
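Why the exception route has to sit above the DMZ gateway route, as an added example that is not part of the original post: a small first-match model of the two policy routes. It assumes policy routes are evaluated top to bottom with the first match winning and that WAN2 is the box's default gateway; the addresses are constructed stand-ins for the masked ones.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: the post masks its real ranges (x.x.y.32/30, x.x.z.176/28).
DMZ = ipaddress.ip_network("192.0.2.176/28")
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class PolicyRoute:
    name: str
    src_if: str
    src_net: ipaddress.IPv4Network
    dst_net: ipaddress.IPv4Network
    target: str  # gateway or interface the packet is handed to

    def matches(self, in_if, src, dst):
        return (in_if == self.src_if
                and ipaddress.ip_address(src) in self.src_net
                and ipaddress.ip_address(dst) in self.dst_net)

def route(table, in_if, src, dst, default="WAN2_Gateway"):
    """Return the target of the first matching policy route, else the default gw.
    First-match evaluation is an assumption of this model."""
    for r in table:
        if r.matches(in_if, src, dst):
            return r.target
    return default

EXCEPTION = PolicyRoute("dmz-to-lan", "DMZ", DMZ, INTERNAL, "Internal")
GATEWAY = PolicyRoute("dmz-via-wan1", "DMZ", DMZ, ANY, "WAN1_Gateway")

GOOD = [EXCEPTION, GATEWAY]  # order described in the post
BAD = [GATEWAY, EXCEPTION]   # exception is shadowed by the Any destination

def check(table):
    """Route three representative flows through the given policy table."""
    return {
        "dmz_to_lan": route(table, "DMZ", "192.0.2.180", "10.0.0.25"),
        "dmz_to_internet": route(table, "DMZ", "192.0.2.180", "198.51.100.7"),
        "lan_to_internet": route(table, "Internal", "10.0.0.25", "198.51.100.7"),
    }

if __name__ == "__main__":
    for label, table in (("exception first", GOOD), ("gateway first", BAD)):
        print(label, check(table))
```

With the gateway route first, DMZ replies to LAN hosts are handed to the WAN1 gateway instead of the Internal interface, which matches the "either LAN to DMZ or internet to WAN1 but not both" symptom.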