Configure Own Gateway (default route)

  • These instructions apply to Enterprise Connect versions S, M, L and XL.
  • With an active default route, all IP packets whose destination subnet is not directly contained in the routing table are routed to the specified location and the configured private IP address, or to the configured VLAN for OSPF or BGP (in the example: to 192.168.4.111).
  • The default route usually points to a customer-specific router/firewall via which the traffic is routed to the Internet.
  • If there is already a default route in the connected LAN-I network (e.g. to the Internet via IP-Plus), this is also automatically active in the Enterprise Connect network and does not have to be separately configured.
  • The manually configured default route is not propagated to networks that are connected to the VPN (e.g. external clouds such as Azure or AWS, Swisscom internal clouds such as DCS+ or ESC, IPSec VPNs (Site-to-Site) or LAN-I).
  • Exceptions: The default route is propagated to clouds that are connected directly to the VPN via Satellite Cloud.
  • It is not propagated if a cloud is connected via Security > VPN 2 VPN Links.
  • A default route is always propagated to the LAN-I service.
  • In the future, it will be possible to create a configuration for such networks in order to be able to use such a default route.

  • To configure a default route, you must create your own Default Route VLAN at the location where the default route is to terminate.
  • This can be configured in the same way as a normal VLAN and you can also place normal LAN clients there.
  • In the VPN where a default route is activated, you should configure your own Internet access as the DNS server, not the Cloud Gateway IP address.
  • Default routes affect an entire VPN.
  • Per VPN, the termination of a default route can be configured at exactly one Enterprise Connect S location, at one Enterprise Connect M/L/XL location or at two Enterprise Connect M/L/XL locations.
  • The combination of one Enterprise Connect S location and one Enterprise Connect M/L/XL location is not supported.

Current restrictions


  • If you have the LAN option active, you cannot activate a default route on the VPN corp.
  • Managed LAN cannot operate 802.1x at the default route location. Managed LAN can be fully used at all other locations.
  • You cannot use the Swisscom Smart ICT service on the VPN where you have configured a default route.
  • If you have configured the default route on the VPN corp, you must configure the Cloud Gateway IP address as the default gateway for all devices operated by Swisscom (telephones, TV and Voice Trunk) (in the example 192.168.4.1 and 192.168..31). This is the only way to ensure functionality and QoS.
  • Devices managed by Swisscom must not be in the same VLAN as the default route. This includes IP telephones or TV.
  • This restriction only applies at the location where the default route is terminated.
  • If you have configured a default route on a VPN, you can no longer use these services:
    • S-NAT/S-PAT on this VPN
    • Central Internet on this VPN

Enterprise Connect S - Configure Default Router per VPN


  • A default route is configured at Location > VLANs
  • Configure the gateway IP address here.
  • In the example, this would be 192.168.4.111.
  • The Customer Router/Firewall IP address is the IP address that you have configured on your own router/firewall.

At the Own Gateway location

  • You must note the following Firewall settings for the corresponding VPN:
  • Enter the return routes for all secondary locations.
  • Enter the return route for the Swisscom management traffic: 100.67.0.0/16 (otherwise certain current and future Swisscom services such as LAN, DNS, telephony, RAS etc. do not work).
  • Make sure that the firewall permits NAT on this network.
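
A check for the two return-route requirements above, as an added example (not Swisscom tooling and not part of the original page). It assumes the return routes use the Cloud Gateway address 192.168.4.1 from the page's example as next hop; the secondary-location subnets, the uplink address and the function name are constructed.

```python
import ipaddress

# From the page's example: Cloud Gateway address and Swisscom management range.
CLOUD_GATEWAY = ipaddress.ip_address("192.168.4.1")   # assumed next hop for return routes
SWISSCOM_MGMT = ipaddress.ip_network("100.67.0.0/16")

def check_return_routes(static_routes, secondary_subnets, next_hop=CLOUD_GATEWAY):
    """Map each required network to the reason its return path is wrong.

    static_routes: (prefix, gateway) pairs exported from the own firewall.
    An empty result means every secondary location and the management range
    is reached by a specific route via next_hop (longest-prefix match).
    """
    routes = [(ipaddress.ip_network(p, strict=False), ipaddress.ip_address(g))
              for p, g in static_routes]
    required = [ipaddress.ip_network(s) for s in secondary_subnets] + [SWISSCOM_MGMT]
    problems = {}
    for need in required:
        containing = [(n, g) for n, g in routes
                      if n.version == need.version and need.subnet_of(n)]
        best = max(containing, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[0].prefixlen == 0:
            # Only the firewall's default route matches: replies leave to the Internet.
            problems[str(need)] = "no specific return route"
        elif best[1] != next_hop:
            problems[str(need)] = f"routed via {best[1]}"
        else:
            # A more specific route inside the network can still divert part of it.
            diverted = [n for n, g in routes if n.version == need.version
                        and n != need and n.subnet_of(need) and g != next_hop]
            if diverted:
                problems[str(need)] = f"partly diverted by {diverted[0]}"
    return problems

# Constructed sample: firewall routing table and secondary-location subnets.
FIREWALL_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1"),          # Internet uplink (documentation address)
    ("192.168.10.0/24", "192.168.4.1"),
    ("192.168.20.0/24", "192.168.4.1"),
]
SECONDARY_SUBNETS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]

if __name__ == "__main__":
    for network, reason in check_return_routes(FIREWALL_ROUTES, SECONDARY_SUBNETS).items():
        print(f"{network}: {reason}")
```

With the constructed table, the third secondary location and the management range 100.67.0.0/16 are reported, because only the firewall's Internet default route matches them.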

LAN setup on Own Gateway location (where the default route terminates)

  • For the LAN devices such as laptop, PC, server, printer etc., you must configure the private (LAN) IP address of the firewall as the default gateway (in the example: 192.168.4.111).
  • This ensures that the Internet data traffic does not place undue load on the access line of this location.
  • For all devices operated by Swisscom (LAN switches and access points, telephones, TV and voice trunk), you must configure the cloud gateway IP address as the default gateway (in the example: 192.168.4.1). This is the only way to ensure functionality and QoS.
  • You must not connect the Enterprise Connect SIP-Trunk (PBX) directly to the firewall.
  • If the Enterprise Connect SIP-Trunk is connected to the Centro Business Router via a switch, the switch may only be connected to the Centro Business. The switch must not be connected to the firewall and the Centro Business at the same time.

Enterprise Connect M/L/XL - Configure Default Router per VPN


  • Configure a default route under Locations > Connected VPNs.
  • Specify whether this location should be the primary or secondary default gateway of the VPN.
  • If you want to import the default route via OSPF or BGP, no further configuration is necessary.
  • OSPF or BGP only needs to be activated at this location on a VLAN of the VPN.
  • If you want to configure a static default route, configure it under VPN > LAN Routes (i.e. not under 'Locations').
  • Create a route to the location by entering the gateway IP address.
  • In the example, this would be 192.168.4.111.