Problem with Static Routes

Dear Guys,

At this time I am in an installation using VyOS and I am running into routing issues. But first, I would like to show what my installation looks like:

My installation is as described in the Network Diagram attached:

For this installation, I configured the network interfaces of VyOS as follows:

set interfaces ethernet eth0 address '190.66.11.50/28'
set interfaces ethernet eth1 address '192.168.11.50/28'
set interfaces ethernet eth2 address '10.1.1.2/16'
set interfaces ethernet eth3 vif 2 address '192.168.80.1/22'
set interfaces ethernet eth3 vif 2 description 'VLAN 2'
set interfaces ethernet eth3 vif 15 address '192.168.15.1/24'
set interfaces ethernet eth3 vif 15 description 'VLAN 15'
set interfaces ethernet eth3 vif 20 address '192.168.20.1/24'
set interfaces ethernet eth3 vif 20 description 'VLAN 20'

Also, I added a static route so the VyOS system can have Internet access:

set protocols static route 0.0.0.0/0 next-hop '190.66.11.49'

From this point, I am able to ping the internet from VyOS.

Now, because I need to reach the 192.168.10.0/24 network at the other side of the MPLS network, I added the following static route:

set protocols static route 192.168.10.0/24 next-hop '10.1.1.1'

And from this point, I am able to ping any host in the 192.168.10.0/24 network from VyOS.

Now HERE is my problem:
I need to get Internet access and to reach the networks at the other end of the MPLS network from the networks connected to either eth1, eth2 or eth3. However, I ran into two (2) very strange scenarios for me:

1. Internet access but I cannot reach the 192.168.10.0/24 from 192.168.11.48/28 (DMZ)
Given the configuration above, and because I need to reach Internet and MPLS from the same network (DMZ) I configured the following:

set nat source rule 10 description 'INTERNET_DMZ'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 protocol 'all'
set nat source rule 10 source address '192.168.11.48/28'
set nat source rule 10 translation address 'masquerade'

Here, I am able to surf the Internet but have no access to the MPLS even when the static route to the MPLS is configured.

2. MPLS access but no Internet from DMZ
Because of the earlier situation, I decided to change the nat source rule so the output becomes the MPLS and the static route to the Internet, but still have no success because I lose connectivity to the Internet but have access to the MPLS given the following configuration:

set nat source rule 10 description 'MPLS_DMZ'
set nat source rule 10 outbound-interface 'eth2'
set nat source rule 10 protocol 'all'
set nat source rule 10 source address '192.168.11.48/28'
set nat source rule 10 translation address 'masquerade'

And the same happens for all of the rest of the networks as if the static route is not working or something is missing.

I tried to use interface routing but the behavior is the same, so no success at all.

Given the facts above, is there anyone that can help me by suggesting if something is missing or whether I am doing it the wrong way? Believe me, I have tested routing, checked the routing tables and the routes are established…

Thanks in advance and looking forward to your prompt reply!

Regards,
Elkin Gonzalez
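
A small model of the two scenarios described in the post above, added here as an illustration and not part of the original post: it applies longest-prefix route selection and then a source-NAT rule that matches only on its outbound interface, using the addresses from the posted configuration. The DMZ host, the destination addresses and the combined two-rule set are constructed assumptions; whether untranslated packets get replies depends on return routes in the neighbouring networks, which the thread does not show.

```python
import ipaddress as ip

# Connected networks and static routes taken from the post's configuration.
ROUTES = [
    ("190.66.11.48/28", "eth0"),   # connected (eth0 190.66.11.50/28)
    ("192.168.11.48/28", "eth1"),  # connected DMZ
    ("10.1.0.0/16", "eth2"),       # connected MPLS side (eth2 10.1.1.2/16)
    ("0.0.0.0/0", "eth0"),         # static default via 190.66.11.49
    ("192.168.10.0/24", "eth2"),   # static via 10.1.1.1
]
IFACE_ADDR = {"eth0": "190.66.11.50", "eth2": "10.1.1.2"}

def egress(dst):
    """Longest-prefix match: return the interface the packet leaves on."""
    d = ip.ip_address(dst)
    nets = [(ip.ip_network(n), i) for n, i in ROUTES if d in ip.ip_network(n)]
    return max(nets, key=lambda r: r[0].prefixlen)[1]

def source_after_nat(src, dst, rules):
    """Apply the first source-NAT rule whose outbound interface and source
    address both match; masquerade rewrites the source to the egress
    interface address. With no match the source is left unchanged."""
    out = egress(dst)
    for rule in sorted(rules, key=lambda r: r["number"]):
        if rule["outbound"] == out and ip.ip_address(src) in ip.ip_network(rule["source"]):
            return out, IFACE_ADDR[out]
    return out, src

DMZ = "192.168.11.48/28"
SCENARIO_1 = [{"number": 10, "outbound": "eth0", "source": DMZ}]  # INTERNET_DMZ
SCENARIO_2 = [{"number": 10, "outbound": "eth2", "source": DMZ}]  # MPLS_DMZ
# Hypothetical: both rules kept at once under different rule numbers.
BOTH = SCENARIO_1 + [{"number": 20, "outbound": "eth2", "source": DMZ}]

if __name__ == "__main__":
    host = "192.168.11.52"  # constructed DMZ host
    for name, rules in (("1", SCENARIO_1), ("2", SCENARIO_2), ("both", BOTH)):
        # Constructed destinations: a documentation-range Internet address
        # and a host on the remote MPLS network.
        for dst in ("203.0.113.10", "192.168.10.20"):
            print(name, dst, source_after_nat(host, dst, rules))
```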

Did you ever figure it out? Do you mind sharing your conclusion?

Anyway, Elektron, thanks for sharing the config! The phrase “protocols ‘all’” gave me my answer to get to the internet from sub-net interfaces. Wonder why it does not appear in the basic configuration guide?

Thanks!

Pablo