I don't know if this is the place for "Linksys One" issues but I'll give it a shot anyway. I have a bit of an issue and with a multi-site installation of the SVR’s and was wondering if you could lend your technical expertise to take a look at routing issue I’m having with a client. This particular client has their branch office located in Carson, CA with 6 remote branch offices nationally, with 4 of the sites being connected via a private MPLS network provided by AT&T. WE are replacing the MPLS networks at most of the branch offices with the Site-To-Site VPN’s from the SVR’s and new Internet connections at the branches with the SVR’s. However, there is one branch in Las Vegas that doesn’t have an SVR and their only connection is the MPLS. The branch offices are configured to connect back to the Carson office for network resources and go out to the Internet via the PIX firewall at the Carson office. Currently, the PIX firewall and the SVR at the Carson office are in parallel and the phone performance is being affected by all of the Internet traffic from the branch offices AND headquarters.
We are attempting to collapse the PIX firewall at the corporate office and use the SVR as the primary Internet gateway for all traffic to take advantage of the SVR’s QoS features. However, when we make the SVR the default gateway the remote branch offices can no longer go out to the Internet, although computers at the Carson office can go out to the Internet just fine. I have duplicated the route entries on the SVR from the PIX to the best of my ability and I suspect that somewhere in this process is where the problem is occurring. Let me give you the configuration parameters:
Carson Office (Headquarters)
LAN Subnet: 192.168.9.0/255.255.255.0
Default Gateway: 192.168.9.1 (Cisco MPLS Router)
PIX Firewall LAN: 192.168.9.254
PIX Firewall WAN: 220.127.116.11
SVR LAN: 192.168.9.12
SVR WAN: 18.104.22.168
Internet Default Gateway: 22.214.171.124
Las Vegas Office
LAN Subnet: 192.168.11.0
Default Gateway: 192.168.11.1
All of the computers at the Carson office are configured with the MPLS router (192.168.9.1) as their default gateway. It is configured with the PIX Firewall LAN IP (192.168.9.254) as it’s default gateway and all traffic seems to work fine with the exception of no QoS functionality. When we change the default gateway on the MPLS Router to the SVR LAN IP (192.168.9.12) the remote branches can’t go out to the Internet. I have added the routing statements (SVR Routing Table) that were in the PIX (PSC Current PIX Config) but we still have the issue. I have attached a copy of a trace route (Remote Branch Trace Comparisons) from one of the computers in the Las Vegas office to show what happens to the traffic. From the trace it shows that when the PIX is in place traffic bound for the Internet goes from the Serial Interface of the MPLS router directly to the Internet Default Gateway (126.96.36.199). However, when we make the SVR the default gateway of the MPLS Router, traffic bound for the Internet from the Las Vegas office goes from the Serial Interface of the MPLS Router to the LAN IP of the SVR and times out from there. Here in lies the problem. To the layman, everything appears to be configured correctly, but something must need to be tweaked somewhere to facilitate that connection. I’ve been on with AT&T (they used to manage the PIX and currently provide the MPLS) to see if there was something persistent with their routes that could be the problem but of course they said no.