MPLS Routing Issue

Actually it is most likely in your gateway if that is your firewall then yes you may. Need to see the routing table for the switch and the gateway and maybe some configs if possible. Looks like a quick fix though.

Yes my firewall 192.168.3.1 is the gateway for Site1.  Please see
Layer 3 Switch routing table below...

Total Number of Routes  5      

   
Network Address Subnet Mask  Protocol Next Hop Int  Next Hop Ip Address    

0.0.0.0                   0.0.0.0            Default       vlan2          10.10.10.1  
10.10.10.0       255.255.255.252   Local         vlan2          10.10.10.2  
10.10.10.4       255.255.255.252   Static        vlan2          10.10.10.1  
100.100.101.0 255.255.255.0       Static        vlan2          10.10.10.1  
192.168.0.0     255.255.0.0           Local         vlan1          192.168.3.13

Please see Gateway/Firewall table below.. (FYI the 192.168.3.13 address is the local address for the Layer 3 Switch 10.10.10.2.

 Source  Destination                 Service  Gateway  
 1 Any   255.255.255.255/32     Any     0.0.0.0
 2 Any   Default Gateway           Any     0.0.0.0      
 3 Any   206.248.235.0              Any     0.0.0.0      
 4 Any   10.10.10.4                    Any    192.168.3.13      
 5 Any   10.10.10.4                    Any    192.168.3.13      
 6 Any   WAN Primary Subnet     Any     0.0.0.0      
 7 Any   100.100.101.1              Any    192.168.3.13    
 8 Any   X3 Subnet                     Any     0.0.0.0      
 9 Any   LAN Primary Subnet      Any     0.0.0.0      
 10 WAN  Primary Subnet          Any   Default Gateway      
 11 Any  0.0.0.0/0                      Any    209.145.94.89

Where is 10.10.10.1. Is it another interface on the firewall?

The 10.10.10.1 router/gateway that the ISP owns.

It is not an interface on my firewall.  The 10.10.10.1 connects to my layer 3 switch  10.10.10.2

The simple answer is that 10.10.10.1 thinks that 10.10.10.2 has a better default route to the Internet then it does. I would have to see the routing table on it before I could tell you why.

ok.....10.10.10.2 should have the better default route to the internet.  Is there a route that I can add to 10.10.10.2 that will take it out to the internet over my firewall at 192.168.3.1?  

First you need to remove the default route that points to 10.10.10.1 then add one that points to your firewall. Use these commands and that should do it. Let me know how it works!

no ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 0.0.0.0 0.0.0.0 192.168.3.13

When I to add this route to the layer3 switch,  I get the following error...

The specified static route net hop router address is invalid.

Please advise?

I am currently writing this post from Site2 via the Internet.  Thank You very much for your help.

I only have one more issue to clean up.  At Site1 I have a DHCP server setup for the 100.100.101.x network.  At Site2 my router has an ip helper that I have setup to point to 192.168.3.2 which is my DHCP server at Site1 but I can not seem to get assigned an IP from the scope on a machine in Site2. I will setup another question thus if you have any ideas that solve this problem you will also be awarded points.

Thank You!

This post is coming from Site 2.  Perfect solution!

Thank You!