Routing between 2 routers

Forum|Forum|12 years ago
July 11, 2013
7 replies
10231 views

Hi, I have 2 routers, and want to route between 192.168.0.0 and 192.168.1.0. What can I do? 1. wan <---> fortigate router <--192.168.0.1-->internal lan 2. internal lan<--192.168.0.10-->tp-link wireless router<---192.168.1.1-->printers and wireless device I tried to set the static route in fortigate router but failed. Destination IP/Mask: 192.168.1.0/255.255.255.0 Gateway: 192.168.0.10 Please help!

Rick_H

New Member

Welcome to the forums! Just to make sure I' m clear, it sounds like the two subnets you' re trying to route between are not both connected to the FortiGate. Is that correct? Working with that assumption... I don' t know a lot about TP-Link devices, but from the website they look like consumer-grade wireless routers. The term " router" is a bit of a misnomer as most of these devices are actually firewalls. Are you able to reach nodes on the 192.168.0.0/24 subnet from the 192.168.1.0/24 subnet but not the other way around? If so then you probably need to take a look at the firewall policies on the TP-Link to make sure you' ve allowed the traffic you want to flow between those two networks/interfaces unobstructed.

ede_pfau

SuperUser

How did you " fail" in setting the static route? What have you done or tried yet? Do you have policies in place? Which FortiOS do you use? Which hardware? If you connect a notebook to one port of the TP link device, can you ping anything on the other port? And vice versa?

bigwormAuthor

New Member

Thanks for Rick and ede_pfau. I am able to ping from 192.168.1.0/24 to 192.168.0.0/24 but not vice versa. I am a newbie in networking, using fortigate 80CM router OS 4.0 MR1, and setup the static route as mentioned before, I also tried to add the policy but still no luck. Moreover, the WAN port of tp-link connected to the LAN port of fortigate through switch hub.

ede_pfau

SuperUser

Just what you would have expected. Traffic from the WAN port of the WiFi router to it' s internall port is not allowed. Try the following: set the TP router into ' Bridging Mode' so that you have the same subnet on all ports (including the WiFi port). Additionally, disable the firewall on the TP. Both should be possible even with a TP router.

bigwormAuthor

New Member

I couldn' t find the " Bridging Mode" setting in TP router, but I did disable the firewall.

Rick_H

New Member

Did disabling the firewall do the trick for you?

bigwormAuthor

New Member

Sorry it didn' t

Rick_H

New Member

I' m reasonably certain your issue here is on the TP-Link device. If you can ping from the LAN side of it to the WAN side but not the other way around then your routing on the FGT should be sound (hosts on the subnet connected to the FGT wouldn' t be able to respond to a subnet that isn' t part of the default route if the routing was wrong). My suggestion would be to consider using your TP-Link in AP mode instead of as a router unless you have a specific need to segregate that part of the network. If you do have that need, then you' re going to have to explore the settings on the TP-Link to determine how to let the traffic to pass as you need it to or otherwise go with a more robust wireless solution. Since you seem to have just a single AP a FortiAP might be something to consider here since you can manage it from your FortiGate (you' ll have to upgrade the firmware on that 80CM, though).

rwpatterson

New Member

What I usually end up doing with those small SoHo wireless gadgets is to plug the internal side into the FGT internal network. Use it as a bridge between the wired and wireless LAN and skip the WAN port on the SoHo gadget altogether. Most of them use the same subnet between wired and wireless, so it work 80+% of the time. Turn off all the features, zero out the WAN port and use a single DHCP server on the network (usually a server or the FGT). If you need to have a different subnet, then do the same on the other WAN port (or DMZ) on the FGT. Same principle. Use the SoHo inside interface to that FGT port.

bigwormAuthor

New Member

Thanks Rick & rwpatterson, I still couldn' t let the TP-Link work as I need, but I did work around to move one of the printers to Fortigate' s subnet, so both subnets have their own printer. Anyway, thanks for your help.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded