
2 gateways, 2 internet connections. send certain pages to each

kilrath81
Solved by Darren

Here at work we were set up on a VPN through a head office. We aren't a corporate store and need access to things they block. I have done custom routing on PCs that need email access to go through the second gateway but things like Cloudflare features fail when going through the VPN because they are likely blocking most ports. I have a proxy server set up on a second instance of Chrome but that is a pain in the butt if for some reason the proxy isn't running (it's on a personal PC and might be turned off). There are certain pages we need to access through the VPN but we want to be able to access everything else through the second internet.

 

So for instance we have 2 modems hooked to two separate firewall/routers. The VPN is through a Cisco which we have no access to and the second is through a SonicWall that we do have access to. I set the SonicWall to an address on the same network so that it is seen by all PCs. The VPN gateway is 10.62.84.1 and the second gateway is set to 10.62.84.253. I can forward things like email to the mail server no problem but then things like internet radio can't be run and TeamViewer, Dropbox/OneDrive/Google Drive have to be run through a proxy that is custom routed to go to 10.62.84.253 on all the machines. Setting custom routes for webpages by address doesn't work, so say I set google.ca IP [172.217.13.131] with a custom route through the second gateway, Chrome or Edge still send it through the VPN. If I set the machine's gateway to the second internet I lose important pages that are served only on the VPN and can't get them to custom route either.

 

Is it possible to send some pages to one gateway and all others to another at the machine level?

i7-6700k 4.7ghz (1.375v)

Asus Maximus Hero VIII

64gb Kingston DDR4 2133mhz (4 x 16gb) OC to 2666mhz

Gigabyte 2070 Super GAMING OC WHITE (2085mhz core 15,400mhz memory)

Corsair H100i AIO

EVGA 850 Gold PSU

 

M.2 NVMe 1TB Drive

2 x 512GB SSDs Raid 0

2 x 2TB HDDs


On 12/16/2019 at 5:50 PM, Michael Ducharme said:

Yes, you can use your .253 router as the main default gateway and add static routes for your VPN IPs on each computer to go through .1. Please see:

 

https://www.howtogeek.com/howto/windows/adding-a-tcpip-route-to-the-windows-routing-table/

I tried static routing but it doesn't route web pages for some reason. If I were to set a static route, for example, to an IP that uses telnet, it will re-route to the static route I set, but if that same IP has a web server it doesn't take the static route, it just goes through the default gateway.


Static routing works for all traffic, including web traffic. The only time that the static route would not be used is if the browser is configured to use a proxy server.


  • 3 weeks later...
On 12/18/2019 at 11:46 AM, Michael Ducharme said:

Static routing works for all traffic, including web traffic. The only time that the static route would not be used is if the browser is configured to use a proxy server.

To test, teamviewer.com is blocked on the primary firewall [13.95.16.245] so I made a persistent route to the second firewall and it's still going through the primary and showing blocked. I'm assuming because the DNS is being handled on the primary network? Either way I haven't been able to forward a web page no matter what I try but I can forward other services.

 


Is this not as simple as connecting all your clients to your sonicwall and having a route (on the sonicwall) for anything corporate e.g. 10.0.0.0/8 to go to the Cisco, over the VPN etc. and anything else default out through a local internet feed?


On 1/7/2020 at 1:09 AM, Darren said:

Is this not as simple as connecting all your clients to your sonicwall and having a route (on the sonicwall) for anything corporate e.g. 10.0.0.0/8 to go to the Cisco, over the VPN etc. and anything else default out through a local internet feed?

I suppose it could be, I will have to play around with it. The SonicWall has so many interconnected settings and my experience with it is very low so it might be the easiest way if I can figure it out.

 

ADDED:

 

So in my SonicWall I created an Address Object for the other firewall. Set it to LAN, HOST and set its address to 10.62.87.1

 

I created an address object for the web site I need to go through that gateway as WAN, HOST, and its IP address.

 

I then created a route policy that is set as:

Source: any

Destination: <website address object>

Service: any

Gateway: <other firewall address object>

Interface: X0 (Second Faster WAN is on X1 and LAN is on X0. No other ports used)

Metric: 5 (everything else is 20 so should take priority)

 

Still won't route that page to the other WAN. I did a test one for a page that does load on both and then did a trace route to test if anything is causing the page to hop through the internal VPN through the corporate internet but it always routes through our own ISP.

 

One of the big reasons we want to do this is not only because they block our email server but also a few other services we use, but the VPN is a 2mbit connection and our own internet is 40 so we get some serious slowdowns.

 


I cracked it with your answer on doing all addresses in one object and I had to use our internal DNS server. I didn't think about it until now: trying to get an internal page based on a name address, not an IP address, the DNS would have to be handled by the internal DNS server to resolve the IP.

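A way to check the three things this thread turns on (proxy settings, which DNS server answers, and which gateway the routing table picks), as an added example that is not part of any poster's message. The host name `intranet.example.internal` and the DNS server `10.62.84.10` are placeholders; the two gateway addresses are the ones quoted in the first post.

```powershell
# Added example, not from the thread. $SiteName and $DnsServer are placeholders;
# the two gateway addresses are the ones quoted in the first post.
param(
    [string]$SiteName   = 'intranet.example.internal',  # placeholder host name
    [string]$DnsServer  = '10.62.84.10',                 # placeholder internal DNS server
    [string]$VpnGateway = '10.62.84.1',
    [string]$NetGateway = '10.62.84.253'
)

# 1. A configured proxy hides the real destination from the routing table:
#    the PC only connects to the proxy, so per-site routes never match.
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ($inet.ProxyEnable -eq 1) { Write-Warning "User proxy enabled: $($inet.ProxyServer)" }
if ($inet.AutoConfigURL)     { Write-Warning "Proxy auto-config script: $($inet.AutoConfigURL)" }

# 2. Resolve the name through the chosen DNS server and keep every A record.
#    A route for one address does not cover a name that returns several.
$addresses = Resolve-DnsName -Name $SiteName -Type A -Server $DnsServer -ErrorAction Stop |
    Where-Object { $_.IP4Address } |
    ForEach-Object { $_.IP4Address } |
    Sort-Object -Unique

# 3. Ask the routing table which route (and next hop) wins for each address.
#    Find-NetRoute returns a local-address object and a route object; keep the route.
$report = foreach ($ip in $addresses) {
    $route = Find-NetRoute -RemoteIPAddress $ip |
        Where-Object { $_.NextHop } |
        Select-Object -First 1
    [pscustomobject]@{
        Address = $ip
        Prefix  = $route.DestinationPrefix
        NextHop = $route.NextHop
        Via     = switch ($route.NextHop) {
                      $VpnGateway { 'VPN gateway' }
                      $NetGateway { 'second gateway' }
                      default     { 'other / on-link' }
                  }
    }
}
$report | Format-Table -AutoSize
```

Running it once against the internal DNS server and once against a public resolver shows whether the name resolves at all outside the VPN and whether both answers fall under the same route.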
