Hi Guys,
Maybe I didn't get the right configuration, but after I set up a site-to-site tunnel between two MXs over the Internet, hosts sitting behind these two MXs can't access the Internet any more.
I can see remote site routes on both ends, and hosts can talk to each other. Just not sure where to configure to resume Internet access.
Thanks.
Thank you guys for the input.
I've found it by following your thoughts. It's about the routes and mis-configuration of Exit Hub.
Thank you all.
If one of them is a spoke, make sure you haven't selected the default route option.
Under Security and SD-WAN/Site-To-Site-VPN make sure you have not defined any "Site-to-site outbound firewall" rules.
Failing that, can you ping by IP address, for example does "ping 8.8.8.8" work from a workstation?
If that works, can you ping using DNS, for example does "ping www.google.com" work from a workstation?
Thanks for the reply, Philip.
The thing is we need a full mesh topology and all sites have their own Internet resource.
So there is no spoke site. And at each site I see more than one default route.
One points to WAN uplink (Internet), others point to remote VPN sites. But I don't know how to remove the unnecessary ones.
And Site-to-Site outbound firewall has one default policy allowing everything.
Using all hub sites is fine.
Have any of the sites got a static default route configured? If so click on them and untick "Include in VPN".
No static route at this point, hosts are directly attached to MX.
Under Security & SD-WAN go to the tab below and check which routes are advertised over the VPN. If your default route is here, then change it to VPN off in the circled drop-down:
I was also facing the same issue, but now it is fixed.
Thank you.