Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1369
Views
5
Helpful
20
Replies

Will having 2 default ip routes cause routing and authentication issues to secure sites?

douglas.mckee
Level 1
Level 1

‎03-30-2015 10:44 AM - edited ‎03-05-2019 01:07 AM

We are currently trying to switch from a 3MB MPLS circuit to a 100MB layer 2 connection over sonet. When I bring up the new circuit users are able to get to internet sites such as yahoo but are not able to access mail from these sites. Any other site that requires authentication doesn't seem to pass the traffic back through our network as well.

I did notice afterward that there are 2 default routes 0.0.0.0 0.0.0.0 one that goes to the old MPLS circuit and one that goes over the new Gig0/1 interface for the 100MB circuit. The ospf database is also still showing our old MPLS circuit IP address as one of the GW's instead of the ip to our new 100MB circuit. Would having 2  default routes pointing to different circuits be causing internet traffic not to flow back properly through our network?

 

NOTE: Also, I lose the abiltiy to log backin through our managment vlan but still can get to the login prompt of our 3845 router. The user traffic connected to GIG0/0 has subinterfaces for the mgmt, data and voice vlans but are not configured on the GIG0/1 to our new 100MB circuit. We are using OSPF as the routing protocol over the GIG0/1 to GIG0/1 between our (2) 3845 routers.

Labels:
0 Helpful
20 Replies 20

Jon Marshall
Hall of Fame
Hall of Fame
In response to douglas.mckee

‎03-30-2015 03:32 PM

Doug

With two default routes you could get asymmetric routing ie. traffic from the remote site router goes over MPLS to get to the internet and returns via the SONET link depending on the routing.

But if you don't have acls or firewalls in the way it really shouldn't matter too much to be honest.

Unless there is device in the main site keeping track of connections separate from the main router.

When you login to the remote router you might be going over MPLS to get there but the remote router might send your traffic back via SONET if it picks that default route.

But again unless you are doing per packet load sharing that shouldn't matter as long as the packets at the main site are not going through something like a firewall.

Does the MPLS circuit at the main site have a firewall anywhere ?

Jon

 

0 Helpful

douglas.mckee
Level 1
Level 1
In response to Jon Marshall

‎03-30-2015 06:37 PM

Jon,

After the traffic enters our 3845 router it connects directly into our core switch which is connected to our firewall and then traverses another switch  before going through yet another firewall. I might just get rid of the MPLS default route and see if traffic flows over the sonet connection but sounds like we may need to modify our firewall as well?

 

Doug

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to douglas.mckee

‎03-31-2015 02:02 AM

Doug

Apologies for the delay in replying , my ISP decided to cut me off for some reason known only to them :-)

If the traffic from the main site to MPLS goes through firewalls then yes this could be the issue because the firewalls would only see part of the connection if some traffic was being routed via MPLS and some via SONET.

If you haven't already tried it I would do as you suggested and remove the default route.

This may or may not work depending on what other routes the MPLS router has.

If the remote site is meant to use the SONET connection for all connectivity ie. to the main site and other remote MPLS sites you really need to shut down the multilink.

If it is meant to use SONET for the main site but MPLS for other remote sites you need to make sure the remote router has no routes for the main site via MPLS.

Jon

douglas.mckee
Level 1
Level 1
In response to Jon Marshall

‎03-31-2015 08:06 AM

Jon,

We will remove the default route for the MPLS on the remote site after hours either this Thursday or Friday. We will also go ahead and shutdown the multilink as well.

The Sonet connection at the main site is only being used to connect the one remote router that currently has the 3MB MPLS circuit running.

Currently looking at at the routes on the remote router to remove routes back to the main MPLS site.

You've been a tremendous help Jon! I will let you know how it goes and give you some stars by the end of the week.

 

Doug :)

 

 

 

 

0 Helpful

douglas.mckee
Level 1
Level 1
In response to douglas.mckee

‎04-03-2015 06:06 PM

Jon,

We just finished bringing up the new 100MB circuit and so far everything seems to be working well. Out of 3 media converters one was showing half duplex which was causing some issues. I went ahead and hard coded the GIG0/1 to speed 100 Full duplex and then removed the default route for the old 3MB MPLS circuit and then about 60 seconds later the traffic started to flow.

I really appreciate the many hours you spent troubleshooting this issue with me. You are a true professional and can't thank you enough. This is the first circuit I've ever stood up and you were able to articulate your knowledge and experience to me in a very concise manner. Thank You!!!!!

 

Doug

 

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to douglas.mckee

‎04-04-2015 03:42 AM

Doug

No problem, glad to help.

And good to hear it is all working.

Jon

0 Helpful
Customers Also Viewed These Support Documents