Triple site-to-site problem

RFrei

We have 3 sites, each with a nsg 100. Two of them are connected to a fritzbox. The other one is behind a "Digitalisierungsbox", a router of a german manufacturer.
 
They are all connected site-to-site. 
The site with the Digitalisierungsbox is connected to both of the other sites and it's working fine. The other two sites can also access the network of this site. So no problems here.

The sites with the two fritzboxes are having issues, though. They are listed as connected but barely have any traffic and if I run "advanced IP Scanner" on the foreign networks subnet (or try to ping it) it finds nothing. Sometimes it shows the foreign nsg100 gateway but often just for a few seconds...


So to summarize, site 1 has access to site 2 and 3. Site 2 and 3 can access site 1. But Site 2 can't access Site 3 and vice versa.

Zyxel_Jason

Hi @RFrei ,

After reviewing and comparing the setting on both sites, I notice WAN1 of Sleepy Dillingen is in 192.168.178.0/24 which is the same as LAN1 of Invite Nürnberg.
May you change the subnet of LAN1 in Invite Nürnberg to another subnet and check the issue is resolved?

Thanks.

Zyxel_Jason

Hi @RFrei ,

Welcome to Zyxel Community!

To identify your problem, please help to enable Zyxel Support at Help > Support request page and share your organization/site name here, so we can access your organization and check the configuration on your NSG.

Thanks.

RFrei

Hi @Nebula_Jason,

thank you for your time. I enabled Zyxel support request. The organization name is called "DHC" and the affected sites are called "Metropol Nürnberg", "Invite Nürnberg" and "Sleepy Dillingen".

Site Metropol Nürnberg would be mapped to site 1 in my first explanation. So traffic from and to this site is working. The other two sites, Invite Nürnberg and Sleepy Dillingen, can't communicate with each other.

Thanks in advance.

Zyxel_Jason

Hi @RFrei ,

May I know if the public IP of WAN 2 in Sleepy Dillingen is 88.X.X.X and WAN 1 is 93.X.X.X?
And, is the fritzbox router connecting to WAN2?

Thanks.

RFrei

@Nebula_Jason

Sorry for the delayed answer. Wan2 is 88.x.x.x and wan1 should be 93.x.x.x, although wan1 is used for nothing.
The fritzbox router is connected to Wan2 with 88.x.x.x public IP. 

Zyxel_Jason

Hi @RFrei ,

After reviewing and comparing the setting on both sites, I notice WAN1 of Sleepy Dillingen is in 192.168.178.0/24 which is the same as LAN1 of Invite Nürnberg.
May you change the subnet of LAN1 in Invite Nürnberg to another subnet and check the issue is resolved?

Thanks.

RFrei

Ok... So since WAN1 of Sleepy Dillingen wasn't used anyway, I went ahead and gave it a static IP in the local GUI. Instead of changing the LAN1 subnet of Invite Nürnberg - which would've been a headache since a lot of terminals there are dependent on static IPs. 

And lo and behold! It works!
We have had this problem now for at least a month... So thanks a lot @Nebula_Jason, you really helped us out!