We've got multiple routers in our organisation and I can't get routing working as expected.

  • We have a limited number of public IP addresses which I will call 100.x.x.x/28
  • We have internal address space 172.16.x.x. Each router owns a /24 block for internal routing.
  • We have OSPF running under area 1 for all interfaces

We have the following routers.

R1 - border router with NAT - 172.16.1.0/24. Has a public IP on 100.x.x.13 with a default gateway of 100.x.x.9 and routes internet to the rest of the network. In this example, 100.x.x.13 is an IP address I control, whereas 100.x.x.9 is outside our network and belongs to our ISP.

R2 - 172.16.2.0/24

R3 - 172.16.3.0/24 hub router. This router connects to R2, R4 and R5.

R4 - 172.16.4.0/24 (int g1) connects to internal VLAN (int g2) - 172.16.0.24.

R5 - 172.16.5.0/24. This router connects to R3. We would like to connect a VPN to this router to Azure. Behind this VPN there is an additional network with multiple VMs. For this we need to use one of our public IPs. We therefore assigned 100.x.x.14 to the outside interface (int g2). It has a gateway of 100.x.x.9 just like the IP address on R5. However, we don't want this R5 interface 2 to be used for general internet traffic. It is only supposed to be used for VPN traffic.

The problem is this.

If R5 int g2 is in a shutdown state, NAT works correctly throughout the network. Specifically computers on the 172.16.0.0/24 network that are using R4 as a gateway are able to browse the internet going through R4, R3, R2 and R1 (which is the border router).

However, when I bring R5 int g2 up (i.e. the interface which has a public IP on it), but which I don't want to use as a default gateway, I find that internet traffic on the internal 172.16.0.0/24 network stops. When I run a traceroute, I find that traffic is trying to go out via R4, R3, R5 instead.

So the question is, how can I force traffic via the R1/NAT router rather than R5?

Thanks

ossentoo

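The traceroute in the question (traffic leaving via R4, R3, R5 once R5's public interface comes up) is the symptom you get when more than one OSPF router originates a 0.0.0.0/0 external route. The following added illustration (not part of the question and not an answer from the forum) models how an OSPF router picks between competing external default routes per RFC 2328 section 16.4, using constructed link costs and the assumption that both R1 and R5 originate a default; the router names are the ones from the post, everything else is assumed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ExternalDefault:
    """A candidate 0.0.0.0/0 learned from an OSPF ASBR, as seen by one router."""
    asbr: str          # router that originated the Type-5 LSA ("R1" or "R5" from the post)
    metric_type: int   # 1 = E1 (external metric accumulates path cost), 2 = E2 (fixed)
    ext_metric: int    # external metric carried in the LSA
    cost_to_asbr: int  # this router's intra-area OSPF cost to reach the ASBR

def preference_key(route: ExternalDefault):
    """Ordering from RFC 2328 section 16.4; the smallest key wins.
    E1 routes beat E2 routes. E1 compares external metric plus path cost;
    E2 compares the external metric first and breaks ties on path cost to the ASBR."""
    if route.metric_type == 1:
        return (1, route.ext_metric + route.cost_to_asbr, 0)
    return (2, route.ext_metric, route.cost_to_asbr)

def choose_default(candidates):
    return min(candidates, key=preference_key)

# Constructed topology costs (assumption: every link costs 10; from R4 the path
# R4-R3-R5 is two hops and R4-R3-R2-R1 is three hops).
COST_R4_TO_R1 = 30
COST_R4_TO_R5 = 20

def r4_view_when_both_originate_e2():
    """Assumed scenario: R1 and R5 both inject a default as E2 with the same metric.
    With equal E2 metrics the nearer ASBR wins, so R4 sends internet traffic to R5."""
    return choose_default([
        ExternalDefault("R1", 2, 1, COST_R4_TO_R1),
        ExternalDefault("R5", 2, 1, COST_R4_TO_R5),
    ]).asbr

def r4_view_when_r5_default_is_suppressed():
    """If R5 stops originating a default (keeping its static route local, or
    filtering it), R1's default is the only candidate left on R4."""
    return choose_default([ExternalDefault("R1", 2, 1, COST_R4_TO_R1)]).asbr

def r4_view_when_r1_uses_e1():
    """If R5 must keep originating, R1 announcing its default as E1 wins on every
    router regardless of path cost, because E1 is always preferred over E2."""
    return choose_default([
        ExternalDefault("R1", 1, 1, COST_R4_TO_R1),
        ExternalDefault("R5", 2, 1, COST_R4_TO_R5),
    ]).asbr
```

Checking which ASBR each internal router selects for 0.0.0.0/0 (and which Type-5 LSAs are in the OSPF database) is the quickest way to confirm whether R5 is actually originating a default.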