Plugging in second connection kills internet access in multiwan

Status
Not open for further replies.

jsreed

IS-IT--Management
Oct 2, 2012
2
US
I am having trouble with multiwan. When I plug my T1 router in, I lose internet. This is not a DNS issue as I am using the same public DNS for both connections.

Scenario 1: Only cable internet plugged into eth5 (external). Internet works perfectly.

Scenario 2: T1 connection plugged into eth6 (external). Internet down.

Scenario 3: Both connected to their respective ports. Will very occasionally work but is extremely slow. The majority of times the connection times out.

I don't see many denies except for a few UDP denies. The majority of what I see is outgoing allows for HTTP to the website. It seems like a routing problem to me but I'm not sure what to do to fix it.

I am using routing table mode in multiwan. My set up is as follows:

eth1 (trusted network and my local LAN)
IP: 192.168.1.1

eth5 (cable internet): (External) IP Address 10.1.1.2
Default gateway: 10.1.1.1

eth6 (T1 - cisco router): (External) IP Address 10.1.10.2
Default gateway: 10.1.10.1

I have default routes on the firebox of:
192.168.1.0/24 to 192.168.1.1
192.168.10.0/24 to 192.168.1.106 (this is a router to another subnet plugged into the same switch as the 1.X network).

Same routes are on the Cisco, though I'm not sure that is right.

There seems to be something on the T1 router (Cisco 1921) that is messing this thing up. I have the above routes added to that router but I wonder if I need something additional. When I try to browse with everything plugged in, I can see the HTTP allows and DNS allows for outbound traffic. However, I see nothing coming back in.
 
What device and firmware version is it on?

ACSS - SME
General Geek



 
This is an XTM505 with 11.6.1.
 
Based on your description above, it sounds like your multi-wan is set up with eth6 as your default primary route. If you can't get out with just eth6 plugged in, of course it won't work with both eth5 and eth6 plugged in.

Before you get too deep into the multi-wan setup, I'd recommend you get traffic correctly routed through eth6.

If you haven't found it yet, the multi-wan tab under network connections will allow you to change eth5 to the primary connection and you'll then be able to plug them both in at the same time and stay up and running. Also, under the traffic monitor you'll be able to verify what interface the traffic is going out. I'm guessing you'll see your traffic head out eth6 when both cables are plugged in.
 
Sorry, I went back and reread your post. On eth6 what do you have set as your default gateway? Do you have any static routes set up for public addressing telling the firebox what external route to take?
 
Actually, you need to make sure your dynamic NAT rule is set like <internal network/bits> - Any-External.

From the number of WGs I configured, there are no default routes to set, simply due to the nature of the multiwan features in the WG.

Multiwan uses policies in your policy manager to route over one connection or another.
I would simply check the policies and your multiwan configuration again.

Also are you licensed for multiwan?


ACSS - SME
General Geek



 
I am having the exact same issue: same hardware, 505, same firmware version, 11.6.1 (actually got a newer version from support too, cs3 I believe). I have been working with support for almost a month now. This seems to be a DNS issue, based on the logs I see. When I have both external interfaces enabled, I cannot get DNS to pass through. Pings work great, and other traffic passes fine, but all (or most) DNS is denied with unhandled packet errors. I've reduced my config down to about 3 policies (DNS, HTTP proxy, and ping), then other WatchGuard default policies so I don't get locked out of the devices (I have 2 set up in a fire cluster). This has to be a bug in the firmware. I'm up to about level 3 support engineer, and they don't have a clue why this is happening. I've sent them tons of log files and configs. Using the same basic config, as soon as I disable one of the interfaces, doesn't matter which one, traffic flows perfectly. I've tried routing table and round-robin; doesn't matter, can't get DNS to pass.
 
Saw that right after I posted. I upgraded, still same issues. Seems like there were a lot of fixes to multi-wan, thought maybe it would get fixed, but no. They must be having issues with multi-wan. That's too bad, I bought my extra cable line just for this purpose.
 
Strange, we have a number of multiwan WGs out there. I did one last week with four broadband connections on it: an XTM330 with a Virgin Media and 3 BT ADSL connections. All worked a treat. The remote site had three BT ADSL connections on an XTM25.

Can you post a screenshot of your policies (redacting any sensitive info) and also your multi-wan setup?




ACSS - SME
General Geek



 