Hello,
I'm having the following issue.
I currently have 3 sites, Montreal, Toronto and Vancouver.
Montreal (our HQ) is equipped with a Meraki MX68 and 2 domain controllers (DNS and DHCP, 10.69.11.0/24).
Vancouver has an MX64 (DHCP 10.69.12.0/24).
Toronto has an old Cisco RV220 (DHCP 10.69.10.0/24).
I have setup site to site connection between the sites.
Montreal DNS is setup in Toronto and Vancouver DHCP.
In Montreal, on my DNS server, I have a zone that points to an Azure location.
From Montreal, I have no issue, I can get to it without a problem.
After I installed the Toronto connection, I realized I couldn't reach the Azure location from there because I don't have a DNS server there. I worked around the issue by creating a static route in the firewall that forced it to use the WAN interface to go to the Azure location.
That has worked very well so far.
After I installed the MX64 in Vancouver, I tried to do the same thing, but unfortunately the device does not allow creating a route that is not in an existing subnet.
So currently, I cannot reach my Azure location from Vancouver.
I get stuck at my gateway.
@Alain_Bensimon looking at the working site, the subnet mask looks incorrect as you are sending 10.anything to the gateway, luckily more specific routes are probably overriding this, but did you mean to do that?
For the MX64 in Vancouver do you have a direct connection to Azure on the 207 address? I am confused as to why you aren't using the same 66. address?
So I assume that what you call the working site is Toronto, but no, that is the only static route I have, and it is just made to force the router to use the WAN connection and its gateway.
Regarding the MX64, the 66.11.93.166 is the IP address of the Cisco RV220 Gateway of Toronto, and 207.194.41.1 is the gateway address of Vancouver's MX64.
I'm just trying to replicate what I did in Toronto.
Thanks @Alain_Bensimon. If you are setting a route to use the WAN connection for an unknown subnet, what is the default route at each site?
This is my Toronto routing table:
The route with a red X is doing nothing, as the one below covers it. I am not sure why the highlighted routes are there; do you know?
I have no clue. I guess it was already there. Anyway, I'm planning to replace that router with an MX68 that I already have ready, but prior to that, I have to ensure that I fix the issue I have in Vancouver, because the same issue will come up in Toronto as well.
How do you connect to 10.200.x.x? Because it's a private range, it's not reachable on the Internet. Do you have some kind of VPN or private WAN to Azure somewhere?
If it's a static route in Montreal, then you have to advertise that route into your AutoVPN.
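To make the point in the reply above concrete (a private 10.200.x.x destination that only matches the default route leaves via the WAN gateway and never arrives), here is an added example, not code from the thread or from Meraki: a longest-prefix-match lookup over a constructed Vancouver routing table that flags exactly that case. The local subnet and WAN gateway are taken from the thread; the AutoVPN entries, the 10.200.5.10 host and the 10.200.0.0/16 prefix are assumed placeholders.

```python
import ipaddress

# Constructed routing table for the Vancouver MX64 (assumed; only the local
# subnet 10.69.12.0/24 and the WAN gateway 207.194.41.1 come from the thread).
VANCOUVER_ROUTES = [
    ("10.69.12.0/24", "connected"),        # local LAN
    ("10.69.11.0/24", "AutoVPN Montreal"),  # HQ subnet learned over AutoVPN
    ("10.69.10.0/24", "AutoVPN Toronto"),
    ("0.0.0.0/0", "207.194.41.1"),          # default route to the WAN gateway
]


def lookup(routes, destination):
    """Return (prefix, next_hop) of the most specific route covering destination."""
    dst = ipaddress.ip_address(destination)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return (str(best[0]), best[1]) if best else None


def diagnose(routes, destination):
    """Classify how a packet to destination leaves the site.

    'local'       directly connected subnet
    'vpn'         reached over a tunnel route
    'wan-private' RFC 1918 address matched only by the default route: it is
                  handed to the Internet gateway and is unreachable (the
                  Vancouver failure mode in the thread)
    'wan'         public address via the default route
    'unroutable'  no matching route at all
    """
    match = lookup(routes, destination)
    if match is None:
        return "unroutable"
    prefix, next_hop = match
    if ipaddress.ip_network(prefix).prefixlen != 0:
        return "local" if next_hop == "connected" else "vpn"
    if ipaddress.ip_address(destination).is_private:
        return "wan-private"
    return "wan"


if __name__ == "__main__":
    # Before: Azure host falls through to the WAN gateway.
    print(diagnose(VANCOUVER_ROUTES, "10.200.5.10"))   # wan-private
    # After advertising the Azure prefix into AutoVPN (assumed /16):
    fixed = VANCOUVER_ROUTES + [("10.200.0.0/16", "AutoVPN Montreal")]
    print(diagnose(fixed, "10.200.5.10"))              # vpn
```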
I have a zone on my domain controller in Montreal.
ifs.*****gro.com
When Vancouver's clients get their DHCP lease, one of the name servers is the IP address of that DC, so they look into those DNS records and get stuck.
If I disable that name server in the DHCP, then the clients go through the Internet with no problem, but then they can't resolve Montreal resources' names.
How does Montreal route to 10.200.x.x?
Well, I assume that since I have my DC and DNS on site, it finds its route.
By the way, if I modify the hosts file of Vancouver's clients, it works, but I would prefer a better way.
If you ping one of the hosts in the *gro.com domain from Vancouver do you get different IP addresses with and without the Montreal DNS server active?
Well, if I disable the Montreal DNS, Vancouver can only ping IP addresses, not names.
Do the clients in Montreal only have the one DNS server (the same one that Vancouver has)?
yes
I think you might have a DNS entry for something in Azure on your DNS server that conflicts with what is seen when you bypass it. Would that be the case, and if so, does it need to be there for the Azure host to work from the Montreal site?
In my Montreal DNS server, I have this:
I'm pretty sure that if I had a DC in Vancouver, I wouldn't have that issue.