Network failover using MPLS and comcast on a sonicwall NSA 2400

Posted on 2010-08-12
Last Modified: 2012-08-03
I have a SonicWall NSA 2400. We just installed a new MPLS line into the organization but have not completed the setup due to some technical difficulties either between my tech staff or the ISP. Nonetheless, I have a dedicated internet connection at 2 sites; we will call this one X1. X1 is on 'Comcast' and has a site-to-site VPN running. We are adding an MPLS circuit that has both a WAN connection for internet connectivity and an MPLS circuit. We can call this one X2.

The ISP has 2 ports on the supplied router, 1 for the 'WAN' and 1 for the MPLS. The WAN side is connected directly to the SonicWall port X2, and they (the ISP) have us plugging the MPLS port into our main switch.

The ISP says they can ping across the MPLS circuit into the organization, but we cannot get traffic to run over the MPLS circuit from inside the org.

The site to site on the X2 connection is working over the internet via a secondary IP setup on the VPN connection, but not over the MPLS.

Any ideas? Am I missing a route? Should I be making a new LAN port on the SonicWall for the MPLS? I am stumped and getting friction from the ISP to make decisions.

Thanks in advance.

Cvv
Question by:cvvood
5 Comments

Accepted Solution

by:digitap
digitap earned 1000 total points
ID: 33423707
You need something that will route to the interface of the MPLS. What you should do is set up another interface on the SonicWall (if you have any interfaces left). Call it MPLS or something. Connect it to the SonicWall and come up with a unique subnet. Will the MPLS just route whatever you put on the line? If so, then you can use whatever subnet you want as the interface of the MPLS interface on the SonicWall. So, MPLS interface is 10.10.1.1/24...let's say. On the other end of the MPLS, you'd have 10.10.1.2/24. So, at the other end, your primary subnet is 192.168.2.0. On the SonicWall end, you have a route such that anything needing to get to 192.168.2.0/24 uses 10.10.1.2 as the gateway.
0
 
Assisted Solution

by:pergr
pergr earned 1000 total points
ID: 33932305
You can also keep the MPLS VPN port connected to the switch, and then have the ISP configure an IP from your LAN subnet on it. Next, you would put a static route on the SonicWall pointing the remote network to go via that new IP.

I believe the best way forward is to ask the ISP about what IP addressing and routing they have configured.
0
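The two designs suggested above (a dedicated MPLS interface with a static route, or a LAN-side address on the ISP router with a static route) can be compared with a small route-lookup model. This is an added example, not code from the posters or from SonicWall; it models only the routing table (no VPN policies), and the LAN subnet 192.168.1.0/24, the X1 addressing and the LAN-side gateway 192.168.1.254 are constructed assumptions.

```python
import ipaddress as ip

def resolve(dest, interfaces, routes):
    """Return (egress interface, next hop) for dest, or None if nothing matches.

    interfaces: {name: "addr/prefix"}; routes: [(destination CIDR, gateway)].
    Longest prefix wins. A static route is usable only when its gateway sits
    on a subnet directly connected to one of the firewall's interfaces.
    """
    dest = ip.ip_address(dest)
    connected = {n: ip.ip_interface(a).network for n, a in interfaces.items()}
    candidates = [(net, name, None) for name, net in connected.items()]
    for cidr, gw in routes:
        egress = next((n for n, net in connected.items()
                       if ip.ip_address(gw) in net), None)
        if egress is not None:  # skip routes whose gateway is unreachable
            candidates.append((ip.ip_network(cidr), egress, gw))
    matches = [c for c in candidates if dest in c[0]]
    if not matches:
        return None
    _, name, gw = max(matches, key=lambda c: c[0].prefixlen)
    return name, gw

# Constructed addressing: LAN on X0, Comcast on X1 (documentation range).
BASE = {"X0": "192.168.1.1/24", "X1": "203.0.113.2/30"}
DEFAULT = ("0.0.0.0/0", "203.0.113.1")
REMOTE_HOST = "192.168.2.50"  # a host in the remote 192.168.2.0/24

def scenarios():
    return {
        # As posted: no route for the remote subnet, so the default wins.
        "as_posted": resolve(REMOTE_HOST, BASE, [DEFAULT]),
        # Accepted answer: dedicated MPLS interface plus static route.
        "dedicated_interface": resolve(
            REMOTE_HOST, {**BASE, "MPLS": "10.10.1.1/24"},
            [DEFAULT, ("192.168.2.0/24", "10.10.1.2")]),
        # Alternative: ISP router holds a LAN address (192.168.1.254 assumed).
        "lan_side_gateway": resolve(
            REMOTE_HOST, BASE, [DEFAULT, ("192.168.2.0/24", "192.168.1.254")]),
        # Static route added but no interface on the gateway's subnet.
        "route_without_interface": resolve(
            REMOTE_HOST, BASE, [DEFAULT, ("192.168.2.0/24", "10.10.1.2")]),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label}: {result}")
```

In the first and last cases traffic for the remote subnet follows the default route out the internet-facing interface instead of the MPLS circuit, which is the symptom described in the question.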
 
Assisted Solution

by:digitap
digitap earned 1000 total points
ID: 33932382
@pergr :: My only concern there is creating a dependency on the ISP for your internal network to function properly. If there is ever a change on their end (which they are not required to notify us when or before they make it), then this could cause disruption. Also, if we need a change, then we must wait on them to implement the change. Either of those scenarios can take hours or days to complete. I've seen it happen. Thoughts?
0
 
Assisted Solution

by:pergr
pergr earned 1000 total points
ID: 33932888
Well, I used to work at an ISP - with these sorts of things.

I think the best advice would be to choose a good ISP..., and a good design. If you want to be able to make changes without waiting for them, then choose a dynamic routing protocol (probably BGP) so that if you want to add new subnets at one site you will advertise them yourself and the ISP does not need to make any changes for them to appear on the other side of the VPN.
0
 
Expert Comment

by:digitap
ID: 34371957
thanks for the points!
0

Question has a verified solution.