CowboyWay

Member

Zywall USG 100 >> Route certain local subnet traffic to second router?

We have two Zywall USG 100s in the same rack supporting two different networks (see diagram). We currently have an IPsec tunnel between them to support accessing various servers. We frequently need to move large amounts of data between the two networks and have found the IPsec tunnel to be quite slow for this (i.e. 3 Mbs).

We believe a more direct route can be established by using a physical connection between the routers, but are uncertain how we might configure that. Assume that we have a cable between the last ethernet port (P7) connecting both routers. We want to route traffic across this cable when the destination matches the respective subnet (see diagram). If this works, we will remove the IPsec tunnel, which wouldn't be needed any longer.

Any suggestions on how to implement the configuration for this would be appreciated.

thanks

Brano

MVM

Do you still need the IPSec tunnel when you connect via cable?

Assuming the IPSec is removed, then connect via cable for example port 7 to port 7.

On 2nd router configure LAN2 10.3.0.0 on port 7. That should do it.
CowboyWay

Member

If successful with the direct cable connection, then the IPsec tunnel would be removed.

Would this solution support bi-directional connectivity without additional config?

Brano

MVM

Yes, bidirectional. You may want/need to add some firewall rules on either router to control the traffic.

But this warrants a question, why do you need two routers? What are your requirements?
One router can handle both networks.
CowboyWay

Member

There may be an opportunity to consolidate in the future. We recently changed out older routers for the USG 100 models, which gives us the opportunity to do that.

For now, we would like to see our cabled solution working and appreciate the help. Would the 10.3.0.0 be assigned on both ends (routers)? I assume then we wouldn't need any static or dynamic route policies?

stefaanE to CowboyWay

Premium Member
Your routers will not be able to route when they are on the same IP subnet -- you do need different subnets, and a route definition on either end. The routers can discover each other's subnets through RIP or OSPF, or you can configure static routes on both routers.

If the switches for the networks are accessible, a simpler solution is to use a single subnet for your servers and the devices that need to access them, and interconnect the switches. If you have Gigabit switches, this will also be a lot faster, because the USG-100 maxes out at about 10MB/s when routing bidirectionally (it's rated at 220Mb/s maximum throughput).

Take care,

Stefaan
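The requirement stefaanE states above (distinct subnets on each side, and a route on each end) can be checked with a small longest-prefix-match model of the two routers. This is an added example, not code from the thread or from Zyxel; the transit subnet 10.250.0.0/30 on the P7-to-P7 cable and the host addresses are constructed for it.

```python
"""Longest-prefix-match model of two routers joined by a direct cable.
Added example, not from the thread: the transit subnet 10.250.0.0/30 and
the host addresses are constructed. It shows that a static route on only
one router lets packets out but drops the replies."""
from ipaddress import ip_address, ip_network

TRANSIT = ip_network("10.250.0.0/30")
A_P7, B_P7 = "10.250.0.1", "10.250.0.2"   # constructed P7 addresses on the cable
OWNER = {A_P7: "A", B_P7: "B"}            # which router answers at each transit address

def build(static=()):
    """Routing tables for both routers; `static` lists (router, prefix, next_hop)."""
    tables = {
        "A": {ip_network("10.3.0.0/16"): "connected", TRANSIT: "connected"},
        "B": {ip_network("10.4.0.0/16"): "connected", TRANSIT: "connected"},
    }
    for rtr, prefix, nh in static:
        tables[rtr][ip_network(prefix)] = nh
    return tables

def lookup(table, dst):
    """Return 'connected', a next-hop address, or None (no route: packet is dropped)."""
    hits = [n for n in table if ip_address(dst) in n]
    return table[max(hits, key=lambda n: n.prefixlen)] if hits else None

def forward(tables, start, dst):
    """Walk router to router until dst is on a connected network; None if dropped."""
    path, cur = [start], start
    for _ in range(len(tables) + 1):      # bound the walk; exceeding it means a loop
        nh = lookup(tables[cur], dst)
        if nh is None:
            return None
        if nh == "connected":
            return path
        cur = OWNER[nh]
        path.append(cur)
    return None

def reachable(tables, host_a, host_b):
    """(host on A's LAN reaches host on B's LAN, reply can come back)."""
    return (forward(tables, "A", host_b) is not None,
            forward(tables, "B", host_a) is not None)

if __name__ == "__main__":
    one_way = build([("A", "10.4.0.0/16", B_P7)])                          # route on A only
    both = build([("A", "10.4.0.0/16", B_P7), ("B", "10.3.0.0/16", A_P7)])
    print(reachable(one_way, "10.3.0.10", "10.4.0.20"))   # (True, False): replies dropped
    print(reachable(both, "10.3.0.10", "10.4.0.20"))      # (True, True)
```

Firewall rules on the USG zones still apply on top of this; the model only answers whether each router has a route for the forward and the return packet.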

Brano to CowboyWay

MVM
What I meant is the following:
Assuming router A has 10.3.0.0/16 subnet with LAN IP 10.3.0.1
Assuming router B has 10.4.0.0/16 subnet with LAN IP 10.4.0.1

Connect the routers through LAN ports, i.e. port 7 on each router.

There are multiple ways to configure this, one possible option is:
Create a new network let's say LAN2 on router B:
Subnet 10.3.0.0/16, LAN IP 10.3.0.2
Disable DHCP on this subnet
Assign this subnet to port 7 only (you may want to put it into separate zone)

Now your router B has two networks, one of its own (10.4.0.0/16) on all ports except P7, and P7 is on router A's subnet.

But as mentioned earlier, using a switch or single router would make things easier and faster.
CowboyWay

Member

I tried this and added firewall rules for LAN2 to LAN1 on both routers involved. Nothing routes across networks. What else might be missing from the config to make this work?

thanks again

Quka

Anon

Why do you need two routers? One USG 100 should do the trick alone too...
Connect First internet to WAN1, second internet to WAN2. Overwrite the default trunk, with no trunk.
Connect First subnet to LAN1, second subnet to LAN2, and voilà, it will work.
If you want to close connection between the two subnets, then create a security policy to separate the two parts...