Channel: Untangle Forums

Routing internet and intranet traffic

Hi
We are moving from leased lines and sDSL connections per site to an MPLS-based network with 1 secure internet breakout, which is configured on the MPLS cloud. The 3 sites will be connected by the ISP (ISP intranet VPN). Behind the ISP router, we have an Untangle router at each site.

OLD situation:
A separate router for internet and leased lines is installed at each site.
Leased lines are connected to the core switches at each site without any firewall between. Fixed routes on the leased line routers are routing the traffic between the 3 sites.
Behind the Internet sDSL routers, each site has its own Untangle in router mode.
• Site A: 192.168.100.0/24 – 2 NICs on Untangle (ext: 192.168.200.1 int: 192.168.100.1)
• Site B: 172.16.100.0/24 – 2 NICs on Untangle (ext: 172.16.200.1 int: 172.16.100.1)
• Site C: 10.0.100.0/24 – 2 NICs on Untangle (ext: 10.0.200.1 int: 10.0.100.1)
Fixed routes on Untangle route intranet traffic over the leased line routers. The leased line routers have local LAN IP addresses (Site A to B: 192.168.100.40 / 172.16.100.40; Site A to C: 192.168.100.39 / 10.0.100.39).

NEW situation:
Where we used to have a separate router for internet and leased lines, we now have one router at each site from our ISP handling:
• intranet traffic between the 3 sites
• internet traffic

The network is the same as in the old situation:
• Site A: 192.168.100.0/24 – 2 NICs on Untangle (ext: 192.168.200.1 int: 192.168.100.1) – ISP GW 192.168.200.2
• Site B: 172.16.100.0/24 – 2 NICs on Untangle (ext: 172.16.200.1 int: 172.16.100.1) – ISP GW 172.16.200.2
• Site C: 10.0.100.0/24 – 2 NICs on Untangle (ext: 10.0.200.1 int: 10.0.100.1) – ISP GW 10.0.200.2

Question:
How will I be able to route traffic over Untangle from, for example, site A to site B or site C to site A?
How will I be able to separate Internet traffic from intranet traffic (3rd interface?).

I can imagine adding firewall rules will not be enough?

Site A to site B
Unt site A
Source interface internal
Destination interface external
Destination address 172.16.200.1
Protocol any

Unt site B
Source interface internal
Destination interface external
Destination address 192.168.200.1
Protocol any

Site C to site A
Unt site C
Source interface internal
Destination interface external
Destination address 192.168.200.1
Protocol any

Unt site A
Source interface internal
Destination interface external
Destination address 10.16.200.1
Protocol any