Solved

Network failover using MPLS and comcast on a sonicwall NSA 2400

Posted on 2010-08-12
Last Modified: 2012-08-03
I have a SonicWall NSA 2400. We just installed a new MPLS line into the organization but have not completed the setup due to some technical difficulties either between my tech staff or the ISP. Nonetheless, I have a dedicated internet connection at 2 sites; we will call this one x1. x1 is on 'comcast' and has a site-to-site VPN running. We are adding an MPLS circuit that has both a WAN connection for internet connectivity and an MPLS circuit. We can call this one x2.

The ISP has 2 ports on the supplied router, 1 for the 'WAN' and 1 for the MPLS. The WAN side is connected directly to the SonicWall port x2, and they (the ISP) have us plugging the MPLS port into our main switch.

The ISP says they can ping across the mpls circuit into the organization, but we cannot get traffic to run over the MPLS circuit from inside the org.

The site-to-site on the X2 connection is working over the internet via a secondary IP setup on the VPN connection, but not over the MPLS.

Any ideas? Am I missing a route? Should I be making a new LAN port on the SonicWall for the MPLS? I am stumped and getting friction from the ISP to make decisions.

Thanks in advance.

Cvv
Question by:cvvood
5 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33423707
You need something that will route to the interface of the MPLS. What you should do is set up another interface on the SonicWall (if you have any interfaces left). Call it MPLS or something. Connect it to the SonicWall and come up with a unique subnet. Will the MPLS just route whatever you put on the line? If so, then you can use whatever subnet you want as the interface of the MPLS interface on the SonicWall. So, MPLS interface is 10.10.1.1/24...let's say. On the other end of the MPLS, you'd have 10.10.1.2/24. So, at the other end, your primary subnet is 192.168.2.0. On the SonicWall end, you have a route such that anything needing to get to 192.168.2.0/24 uses 10.10.1.2 as the gateway.
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932305
You can also keep the MPLS VPN port connected to the switch, and then have the ISP configure an IP from your LAN subnet on it. Next, you would put a static route on the SonicWall pointing the remote network to go via that new IP.

I believe the best way forward is to ask the ISP about what IP addressing and routing they have configured.
0
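The routing decision both answers above rely on, as an added example that is not part of the original thread: a longest-prefix-match lookup showing where traffic for the remote site goes before and after the static route is added. The X0/X3 interface names, the 192.168.1.0/24 LAN, the 203.0.113.0/30 Comcast addresses and the 192.168.1.254 ISP-router IP are constructed for illustration; 10.10.1.1, 10.10.1.2 and 192.168.2.0/24 come from the accepted answer.

```python
import ipaddress


class RouteTable:
    """Minimal model: connected interfaces plus static routes, longest prefix wins."""

    def __init__(self):
        self.connected = {}  # interface name -> ip_interface
        self.routes = []     # (network, gateway or None, interface name)

    def add_interface(self, name, cidr):
        iface = ipaddress.ip_interface(cidr)
        self.connected[name] = iface
        self.routes.append((iface.network, None, name))

    def add_static(self, dest, gateway):
        """Add a static route; the gateway must sit on a connected subnet."""
        gw = ipaddress.ip_address(gateway)
        for name, iface in self.connected.items():
            if gw in iface.network and gw != iface.ip:
                self.routes.append((ipaddress.ip_network(dest), gw, name))
                return name
        raise ValueError(f"gateway {gw} is not on any connected subnet")

    def lookup(self, dst):
        """Return (egress interface, next hop) for dst, or None if unroutable."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r[0]]
        if not matches:
            return None
        _, gw, name = max(matches, key=lambda r: r[0].prefixlen)
        return name, (str(gw) if gw is not None else "on-link")


def build(option):
    """Build the firewall's table for 'none', 'new-interface' or 'lan-gateway'."""
    t = RouteTable()
    t.add_interface("X0", "192.168.1.1/24")   # LAN (constructed addressing)
    t.add_interface("X1", "203.0.113.2/30")   # Comcast WAN (constructed addressing)
    t.add_static("0.0.0.0/0", "203.0.113.1")  # default route out X1
    if option == "new-interface":             # accepted answer: dedicated MPLS port
        t.add_interface("X3", "10.10.1.1/24") # X3 is a hypothetical spare port
        t.add_static("192.168.2.0/24", "10.10.1.2")
    elif option == "lan-gateway":             # second answer: ISP router gets a LAN IP
        t.add_static("192.168.2.0/24", "192.168.1.254")
    return t
```

With no static route, `build("none").lookup("192.168.2.10")` resolves to the X1 default route, so remote-site traffic heads for the internet instead of the MPLS circuit.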
 
LVL 33

Assisted Solution

by:digitap
digitap earned 250 total points
ID: 33932382
@pergr :: My only concern there is creating a dependency on the ISP for your internal network to function properly. If there is ever a change on their end (which they are not required to notify us when or before they make it), then this could cause disruption. Also, if we need a change, then we must wait on them to implement the change. Either of those scenarios can take hours or days to complete. I've seen it happen. Thoughts?
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932888
Well, I used to work at an ISP - with these sorts of things.

I think the best advice would be to choose a good ISP..., and a good design. If you want to be able to make changes without waiting for them, then choose a dynamic routing protocol (probably BGP) so that if you want to add new subnets at one site you will advertise them yourself and the ISP does not need to make any changes for them to appear on the other side of the VPN.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34371957
thanks for the points!
0
