Divert traffic out of MPLS Network?

LingerLonger
I have an existing multi-site MPLS network that we are in the process of dismantling. Individual circuits are being placed in each site, with a Cisco ASA at the edge of each site. Models vary based on site size. As sites come online with the individual circuits, I hope to create a VPN tunnel from each branch site to the main site. During the dismantling process, the MPLS network will stay in place, effectively creating two ways out of each site.
What I am looking to do is reroute traffic from the MPLS network (which uses EIGRP to announce routes) over the VPN tunnels, as each of these branch sites comes online. Rather than having internal traffic route over the MPLS, as it knows that route to be available, I want the branch site's traffic to use the VPN tunnel.
Cisco switches at the edge of the branch sites typically have EIGRP running, and I can see all of the learned routes in their routing tables. Can I simply specify a route for the networks I am interested in diverting to the VPN tunnel to overwrite the Dynamic route with a Static route?
If there are more questions, please ask, and I'll do my best to answer. I know Cisco, but I'm not a Cisco guy.

Hi,

How many routers do you have at each site? How many sites do you have?

Author

Commented:
Each site has one router to the MPLS network, and a Cisco ASA to the new circuit.
Right now, I'm just trying to plan the Main Site and first Branch Site. There are three or four other Branch Sites in the MPLS network now, which will be transitioned out over time.
I realize it would be much easier to just kill the MPLS entirely, so none of the traffic tries to take that path, but it's not possible.
Do you manage the MPLS CE routers?

Author

Commented:
No, those are managed by the ISP.
Which router is the default gateway at each site?

Author

Commented:
The ASAs have been defined as the default gateways. However, with EIGRP running, the switches that have this configuration also know that sending traffic to the 172.16.x.x network can be accomplished via the 172.16.x.1 MPLS router. This has been learned dynamically via EIGRP. Can I define a route for that network to force it to the ASA - ip route 172.16.x.x 255.255.252.0 172.16.x.254? That's generalized with the x's, as I would have to change each remote site's route statement to correspond to the specific network, and would need to create multiple route statements at the main site, as each remote site comes online.
Yes, on a Cisco router a static route to the same network will have a lower administrative distance by default and will be used before an EIGRP-learned route.

Author

Commented:
So, the switches near the MPLS, and most likely the one that can see both paths (MPLS and ASA to new circuit) would need that route to make this work, right? Once the traffic hits the ASA, will it be smart enough to throw the traffic at the VPN tunnel? I have a supernetted route for 172.16.0.0 255.240.0.0 on the ASA to throw "Inside" traffic to the inside interface of the ASA.
Each PC on your network will have a default gateway configured for the subnet that they are connected to. This is the router that the PC will send off-subnet traffic to. So you need to define the routes on this router.

Author

Commented:
Right. That Router Address is defined as the IP of a Catalyst 3550 switch in my environment.
Give me a little time to play with this, but you have confirmed what I was figuring on having to do. If anything pops up while I'm testing/reconfiguring, I'll post back. If not, it means it was successful, and you'll see points coming.
Thanks.

Author

Commented:
Worked like a charm.
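
The route selection behind the static-route answer in this thread, as an added example that is not part of the original posts: administrative distance only decides between routes to the same prefix, and longest-prefix match is applied first, so a more specific EIGRP route would still pull traffic onto the MPLS path. The addresses, the /22 and the extra /24 advertisement are constructed for illustration (the thread only gives 172.16.x.x).

```python
import ipaddress

# Cisco default administrative distances (lower is preferred).
AD = {"connected": 0, "static": 1, "eigrp": 90, "eigrp-external": 170}

def best_route(candidates, dest):
    """Pick the forwarding entry for dest from candidate routes.

    candidates: list of (prefix, source, next_hop). For each distinct prefix,
    only the source with the lowest administrative distance is installed;
    forwarding then uses the longest installed prefix that contains dest.
    """
    installed = {}
    for prefix, source, next_hop in candidates:
        net = ipaddress.ip_network(prefix)
        current = installed.get(net)
        if current is None or AD[source] < AD[current[0]]:
            installed[net] = (source, next_hop)
    addr = ipaddress.ip_address(dest)
    matches = [n for n in installed if addr in n]
    if not matches:
        return None
    net = max(matches, key=lambda n: n.prefixlen)
    source, next_hop = installed[net]
    return str(net), source, next_hop

# Constructed sample addressing, not taken from the thread:
MPLS_ROUTER = "172.16.4.1"    # assumed MPLS CE router at this site
ASA = "172.16.4.254"          # assumed ASA inside interface at this site

# Case 1: EIGRP and the static route carry the same /22, so static wins on AD.
same_prefix = [
    ("172.16.8.0/22", "eigrp", MPLS_ROUTER),
    ("172.16.8.0/22", "static", ASA),
]

# Case 2: EIGRP also advertises a more specific /24 inside that /22.
# Longest match is evaluated first, so that /24 still follows the MPLS path.
more_specific = same_prefix + [("172.16.9.0/24", "eigrp", MPLS_ROUTER)]

if __name__ == "__main__":
    print(best_route(same_prefix, "172.16.9.10"))
    print(best_route(more_specific, "172.16.9.10"))
    print(best_route(more_specific, "172.16.10.10"))
```

On the switch itself, comparing the EIGRP-learned prefixes in the routing table against each planned static route shows whether any more specific prefix would bypass the ASA and the VPN tunnel.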
