Hello ALL,
My MT OSPF routed backbone is running well and basically there is no problem. Within my OSPF cloud I want to connect a customer private network. This network should be masqueraded and tunneled to my central firewall to offer internet access. This is working fine as long as I route the traffic via my OSPF-based backbone. But the customer should not see my backbone and should be directly connected via an EoIP tunnel to my firewall (the EoIP tunnel will be terminated on a MT router Ethernet interface connected to the fw).
So I have set up an EoIP tunnel to the Ethernet interface of one of the MT routers connected directly to the firewall. On the router where my customer network (192.168.100.0/24) is connected I have set up a DHCP client and will assign the IP address to the EoIP tunnel interface and masquerade the traffic coming from the customer network (192.168.100.0/24).
Problem:
When the DHCP client gets an IP (DHCP IP range 10.222.0.64/28) assigned through the EoIP tunnel from my central firewall, the routing distance of the interface is like that of a locally connected interface, with the value of 0. And because the assigned IP is out of the same IP range from my firewall as the IP addresses of some other MT routers of the OSPF cloud, the local router will route some out of the cloud traffic through the EoIP tunnel because the routing distance looks lower to the router.
Challenge:
I cannot really change the setup of the firewall right now. So I need a solution for how I can masquerade and tunnel the customer network to my firewall and hide my OSPF routed backbone. But only the traffic coming from and going to the customer network should be routed through the EoIP tunnel.
Please find an example of a network attached.
Any idea how I can solve this issue?
