Solved

Network failover using MPLS and Comcast on a SonicWall NSA 2400

Posted on 2010-08-12
Last Modified: 2012-08-03
I have a SonicWall NSA 2400. We just installed a new MPLS line into the organization but have not completed the setup due to some technical difficulties either between my tech staff or the ISP. Nonetheless, I have a dedicated internet connection at 2 sites; we will call this one X1. X1 is on 'Comcast' and has a site-to-site VPN running. We are adding an MPLS circuit that has both a WAN connection for internet connectivity and an MPLS circuit. We can call this one X2.

The ISP has 2 ports on the supplied router, 1 for the 'WAN' and 1 for the MPLS. The WAN side is connected directly to the SonicWall port X2, and they (the ISP) have us plugging the MPLS port into our main switch.

The ISP says they can ping across the MPLS circuit into the organization, but we cannot get traffic to run over the MPLS circuit from inside the org.

The site-to-site on the X2 connection is working over the internet via a secondary IP set up on the VPN connection, but not over the MPLS.

Any ideas? Am I missing a route? Should I be making a new LAN port on the SonicWall for the MPLS? I am stumped and getting friction from the ISP to make decisions.

Thanks in advance.

Cvv
Question by:cvvood
5 Comments
 
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33423707
You need something that will route to the interface of the MPLS. What you should do is set up another interface on the SonicWall (if you have any interfaces left). Call it MPLS or something. Connect it to the SonicWall and come up with a unique subnet. Will the MPLS just route whatever you put on the line? If so, then you can use whatever subnet you want as the interface of the MPLS interface on the SonicWall. So, the MPLS interface is 10.10.1.1/24, let's say. On the other end of the MPLS, you'd have 10.10.1.2/24. So, at the other end, your primary subnet is 192.168.2.0. On the SonicWall end, you have a route such that anything needing to get to 192.168.2.0/24 uses 10.10.1.2 as the gateway.
0
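The routing decision described in the accepted answer, as an added example that is not part of the original thread: a longest-prefix-match lookup that also rejects a static route whose gateway is not on a connected subnet. The interface names (X0, X1, X3), the LAN subnet 192.168.1.0/24 and the 203.0.113.0/30 WAN addresses are constructed assumptions; 10.10.1.1/24, 10.10.1.2 and 192.168.2.0/24 come from the answer.

```python
import ipaddress as ip

def egress(interfaces, routes, dst):
    """Return (interface, next_hop) chosen for dst by longest-prefix match.

    interfaces: {name: "addr/prefix"}; routes: [(dest_cidr, gateway)].
    Connected subnets act as implicit routes with next_hop None.
    Raises ValueError if a route's gateway is not on any connected subnet.
    """
    dst = ip.ip_address(dst)
    connected = {n: ip.ip_interface(a).network for n, a in interfaces.items()}
    candidates = [(net, name, None) for name, net in connected.items()]
    for dest, gw in routes:
        gw_addr = ip.ip_address(gw)
        via = [n for n, net in connected.items() if gw_addr in net]
        if not via:
            raise ValueError(f"gateway {gw} for {dest} is not on-link")
        candidates.append((ip.ip_network(dest), via[0], gw))
    matches = [c for c in candidates if dst in c[0]]
    if not matches:
        return None
    _, name, gw = max(matches, key=lambda c: c[0].prefixlen)
    return name, gw

# Constructed firewall state before the change: LAN plus the internet uplink.
BEFORE = {"X0": "192.168.1.1/24", "X1": "203.0.113.2/30"}
DEFAULT = ("0.0.0.0/0", "203.0.113.1")

# After the change: a dedicated MPLS interface (hypothetical name X3) with the
# transit subnet from the answer, and a static route to the remote LAN.
AFTER = {**BEFORE, "X3": "10.10.1.1/24"}
MPLS_ROUTE = ("192.168.2.0/24", "10.10.1.2")

if __name__ == "__main__":
    # Without the static route, remote-site traffic follows the default route.
    print("before:", egress(BEFORE, [DEFAULT], "192.168.2.10"))
    # With it, the more specific /24 wins and traffic leaves via the MPLS port.
    print("after: ", egress(AFTER, [DEFAULT, MPLS_ROUTE], "192.168.2.10"))
    print("other: ", egress(AFTER, [DEFAULT, MPLS_ROUTE], "8.8.8.8"))
```

The "before" result shows the case worth checking for on a real firewall: with no specific route, traffic meant for the private circuit falls through to the internet-facing default route.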
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932305
You can also keep the MPLS VPN port connected to the switch, and then have the ISP configure an IP from your LAN subnet on it. Next, you would put a static route on the SonicWall pointing the remote network to go via that new IP.

I believe the best way forward is to ask the ISP about what IP addressing and routing they have configured.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 250 total points
ID: 33932382
@pergr :: My only concern there is creating a dependency on the ISP for your internal network to function properly. If there is ever a change on their end (which they are not required to notify us of when or before they make it), then this could cause disruption. Also, if we need a change, then we must wait on them to implement the change. Either of those scenarios can take hours or days to complete. I've seen it happen. Thoughts?
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932888
Well, I used to work at an ISP - with these sorts of things.

I think the best advice would be to choose a good ISP..., and a good design. If you want to be able to make changes without waiting for them, then choose a dynamic routing protocol (probably BGP) so that if you want to add new subnets at one site you will advertise them yourself and the ISP does not need to make any changes for them to appear on the other side of the VPN.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34371957
Thanks for the points!
0


Question has a verified solution.
