Hello,
from few days I try to set up router to using two ISP. I have virtual IP 79.10.10.245->192.168.1.5 on WAN1. I would like to use WAN2 for only one internal IP (192.168.1.15) and others internal IPs should go out via WAN1. I set up WAN2 (outside IP), added static route and police routes. Now the traffic for 192.168.1.15 goes via WAN2 but there is no routing between 192.168.1.15 and virtual IP 79.10.10.245. From 192.168.1.15 I can ping 192.168.1.5 and WAN1 router IP 79.10.10.242 but I can't ping 79.10.10.245.
WAN1 79.10.10.242/28
WAN2 80.10.10.242/28
Mail server IP: 79.10.10.245 /internal 192.168.1.5/
Static route:
WAN1:
destination:0.0.0.0/0.0.0.0
device: wan1
gateway: 79.10.10.241
distance:10
priority:0
WAN1:
destination:0.0.0.0/0.0.0.0
device: wan2
gateway: 80.10.10.241
distance:10
priority:5
Policy routes:
Procotol: all
Inncoming interface: internal
Source: 192.168.1.15
Destination: 0.0.0.0/0.0.0.0
Outgoing interfece: WAN2
Gateway: 80.10.10.241
I would like to ask You to try help me.
Thank You,
Bart.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Bart wrote:Hi,
I put to the post.
Bart.
Can you create a police route like bellow, putting the new PBR down of the wan2 policy?
Procotol: all Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 0.0.0.0/0.0.0.0 Outgoing interfece: WAN1 Gateway: 79.10.10.241
Make sure the vip is set to interface as any not wan1.
Then create a policy route like following:
Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)
Make sure this route is above of the any other policy route as policy routes are executed in sequence.
Hello,
I didn't understand all points . Can you post the result of " show static router" and " show router policy" here?
Regards,
Rafael Freire
Hi,
I put to the post.
Bart.
Bart wrote:Hi,
I put to the post.
Bart.
Can you create a police route like bellow, putting the new PBR down of the wan2 policy?
Procotol: all Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 0.0.0.0/0.0.0.0 Outgoing interfece: WAN1 Gateway: 79.10.10.241
Didn't help :(
Make sure the vip is set to interface as any not wan1.
Then create a policy route like following:
Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)
Make sure this route is above of the any other policy route as policy routes are executed in sequence.
Guys works perfect !
Solution:
- change virtual ip to any interface
- add policy rutes above all like:
Inncoming interface: internal Source: 0.0.0.0/0.0.0.0 Destination: 192.168.1.5/32 Outgoing interfece: internal Gateway: (blank)
Thank You a lot!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.