D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: JayCee on September 24, 2009, 04:41:08 PM

Title: DMZ as WAN2 for dedicated VPN
Post by: JayCee on September 24, 2009, 04:41:08 PM
Hi there,

I've got a DFL-210 and I've been trying to wrap my head around the manual, but I was hoping someone could just help me with a shortcut on how to achieve the following:

WAN1 is to be a bridged mode PPPoE for all internet traffic
DMZ is to be WAN2, also bridged mode PPPoE but it's to be dedicated solely for a VPN tunnel to another site.

I've already created the IPsec tunnel interface, so I really just need some clarification on what else needs to be done to ensure that only traffic destined for the VPN tunnel is routed via WAN2 (DMZ).

The router's LAN IP is 192.168.1.253.
The subnet on the LAN is 192.168.1.x
The subnet in the remote office via VPN is 192.168.3.x

Thanks in advance!
Title: Re: DMZ as WAN2 for dedicated VPN
Post by: Fatman on September 25, 2009, 09:50:13 AM
If you want to be real sure, write the main routing table with WAN2 first and write a routing rule so that all outbound traffic is routed over a secondary routing table that does not even list WAN2.
Title: Re: DMZ as WAN2 for dedicated VPN
Post by: JayCee on September 25, 2009, 10:06:15 PM
Thanks for the advice, but I was hoping for a bit more of a "go to this screen, do this" step by step instruction if you had the time...
Title: Re: DMZ as WAN2 for dedicated VPN
Post by: JayCee on September 29, 2009, 09:21:52 PM
Anyone? I'm having trouble understanding the routing tables and routing rules...

Right now I have the following interfaces set up:

Ethernet

IPsec

PPPoE

What needs to be done in routing to ensure that only traffic to and from Narellan_VPN traverses wan2?
Title: Re: DMZ as WAN2 for dedicated VPN
Post by: JayCee on October 07, 2009, 09:10:47 PM
Pretty please with sugar on top?
Title: Re: DMZ as WAN2 for dedicated VPN
Post by: Fatman on October 15, 2009, 09:52:25 AM
You need 2 routing tables, one with WAN1 as its default gateway and one with WAN2. I would make the default table the one with the WAN2 so that your VPN management becomes easier.

Then you will need to write a routing rule specifying that all outbound traffic should use the table which uses the WAN1 gateway.

Then ensure that your IP rules will support your normal traffic egressing out WAN1 (and perhaps that there aren't rules allowing it to egress out WAN2).

Then you should be gold.

What part of this process do you not understand or need help with?
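
A small Python model of the two-table layout described in the last reply, added here as an illustration and not taken from the thread or from D-Link's documentation. The table contents, the remote gateway address 203.0.113.10, the function names, and the assumption that the tunnel's encapsulated packets are routed by the main table are all constructed for the example.

```python
import ipaddress

# Constructed model of the layout in the thread; names and addresses are assumptions.
MAIN = [  # default table: used by the firewall's own traffic (tunnel outer packets)
    ("192.168.1.0/24", "lan"),
    ("192.168.3.0/24", "Narellan_VPN"),
    ("0.0.0.0/0", "wan2"),
]
INTERNET = [  # secondary table: deliberately has no route through wan2
    ("192.168.1.0/24", "lan"),
    ("192.168.3.0/24", "Narellan_VPN"),
    ("0.0.0.0/0", "wan1"),
]
# Routing rule: anything arriving on the lan interface uses the INTERNET table.
RULES = [("lan", INTERNET)]
REMOTE_GW = "203.0.113.10"  # placeholder address for the remote VPN endpoint
REMOTE_NET = ipaddress.ip_network("192.168.3.0/24")


def lookup(table, dst):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def egress(in_iface, dst, rules=RULES):
    """Physical interface a packet leaves on, following the tunnel if needed."""
    table = next((t for i, t in rules if i == in_iface), MAIN)
    out = lookup(table, dst)
    if out == "Narellan_VPN":
        # Assumption of this model: the encapsulated packet is originated by
        # the firewall itself, so no lan rule matches and MAIN decides.
        out = lookup(MAIN, REMOTE_GW)
    return out


def wan2_leaks(flows, rules=RULES):
    """Flows that use wan2 although they are not bound for the remote subnet."""
    return [(i, d) for i, d in flows
            if egress(i, d, rules) == "wan2"
            and ipaddress.ip_address(d) not in REMOTE_NET]
```

Calling `wan2_leaks` with `rules=[]` shows what the routing rule prevents: without it, LAN traffic to the internet follows the main table's default route and leaves through wan2.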