Solved

Network failover using MPLS and Comcast on a SonicWall NSA 2400

Posted on 2010-08-12
Last Modified: 2012-08-03
I have a SonicWall NSA 2400. We just installed a new MPLS line into the organization but have not completed the setup due to some technical difficulties either between my tech staff or the ISP. Nonetheless, I have a dedicated internet connection at 2 sites; we will call this one x1. x1 is on 'Comcast' and has a site-to-site VPN running. We are adding an MPLS circuit that has both a WAN connection for internet connectivity and an MPLS circuit. We can call this one x2.

The ISP has 2 ports on the supplied router, 1 for the 'WAN' and 1 for the MPLS. The WAN side is connected directly to the SonicWall port x2, and they (the ISP) have us plugging the MPLS port into our main switch.

The ISP says they can ping across the mpls circuit into the organization, but we cannot get traffic to run over the MPLS circuit from inside the org.

The site to site on the X2 connection is working over the internet via a secondary IP setup on the VPN connection, but not over the MPLS.

Any ideas? Am I missing a route? Should I be making a new LAN port on the SonicWall for the MPLS? I am stumped and getting friction from the ISP to make decisions.

Thanks in advance.

Cvv
0
Question by:cvvood
LVL 33

Accepted Solution

by:
digitap earned 250 total points
ID: 33423707
You need something that will route to the interface of the MPLS. What you should do is set up another interface on the SonicWall (if you have any interfaces left). Call it MPLS or something. Connect it to the SonicWall and come up with a unique subnet. Will the MPLS just route whatever you put on the line? If so, then you can use whatever subnet you want as the interface of the MPLS interface on the SonicWall. So, MPLS interface is 10.10.1.1/24...let's say. On the other end of the MPLS, you'd have 10.10.1.2/24. So, at the other end, your primary subnet is 192.168.2.0. On the SonicWall end, you have a route such that anything needing to get to 192.168.2.0/24 uses 10.10.1.2 as the gateway.
0
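The routing layout from the accepted answer, modelled as an added example that is not part of the original thread: it checks that a static route's gateway sits on a directly connected subnet and shows which interface traffic for 192.168.2.0/24 leaves by, before and after the MPLS interface exists. The 10.10.1.x and 192.168.2.0/24 values come from the answer; the X0 LAN and X1 WAN addresses and the function names are assumptions.

```python
import ipaddress

def connected_iface(interfaces, ip):
    """Return the name of the interface whose subnet contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, cidr in interfaces.items():
        if addr in ipaddress.ip_interface(cidr).network:
            return name
    return None

def unreachable_next_hops(interfaces, routes):
    """Static routes whose gateway is not on any directly connected subnet."""
    return [(dst, gw) for dst, gw in routes
            if connected_iface(interfaces, gw) is None]

def lookup(interfaces, routes, dst_ip):
    """Longest-prefix match; returns (egress interface, next hop or 'direct')."""
    dst = ipaddress.ip_address(dst_ip)
    candidates = [(ipaddress.ip_interface(c).network, name, "direct")
                  for name, c in interfaces.items()]
    for prefix, gw in routes:
        egress = connected_iface(interfaces, gw)
        if egress is not None:  # a route with an unreachable gateway is unusable
            candidates.append((ipaddress.ip_network(prefix), egress, gw))
    matches = [c for c in candidates if dst in c[0]]
    if not matches:
        return None
    _, egress, gw = max(matches, key=lambda c: c[0].prefixlen)
    return egress, gw

# Constructed addressing: X0 (LAN) and X1 (WAN) values are assumptions.
BEFORE_IFACES = {"X0": "192.168.1.1/24", "X1": "203.0.113.2/30"}
# The answer's proposal: a dedicated interface on the firewall for the MPLS link.
AFTER_IFACES = dict(BEFORE_IFACES, MPLS="10.10.1.1/24")
DEFAULT = ("0.0.0.0/0", "203.0.113.1")
MPLS_ROUTE = ("192.168.2.0/24", "10.10.1.2")

if __name__ == "__main__":
    # No MPLS interface or route: remote-site traffic follows the default route.
    print(lookup(BEFORE_IFACES, [DEFAULT], "192.168.2.50"))
    # Adding only the route does not help: its gateway is on no connected subnet.
    print(unreachable_next_hops(BEFORE_IFACES, [DEFAULT, MPLS_ROUTE]))
    # Interface plus route: the more specific prefix wins and exits via MPLS.
    print(lookup(AFTER_IFACES, [DEFAULT, MPLS_ROUTE], "192.168.2.50"))
```
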
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932305
You can also keep the MPLS VPN port connected to the switch, and then have the ISP configure an IP from your LAN subnet on it. Next, you would put a static route on the SonicWall pointing the remote network to go via that new IP.

I believe the best way forward is to ask the ISP about what IP addressing and routing they have configured.
0
 
LVL 33

Assisted Solution

by:digitap
digitap earned 250 total points
ID: 33932382
@pergr :: My only concern there is creating a dependency on the ISP for your internal network to function properly. If there is ever a change on their end (which they are not required to notify us of when or before they make it), then this could cause disruption. Also, if we need a change, then we must wait on them to implement the change. Either of those scenarios can take hours or days to complete. I've seen it happen. Thoughts?
0
 
LVL 17

Assisted Solution

by:pergr
pergr earned 250 total points
ID: 33932888
Well, I used to work at an ISP - with this sort of thing.

I think the best advice would be to choose a good ISP..., and a good design. If you want to be able to make changes without waiting for them, then choose a dynamic routing protocol (probably BGP) so that if you want to add new subnets at one site you will advertise them yourself and the ISP does not need to make any changes for them to appear on the other side of the VPN.
0
 
LVL 33

Expert Comment

by:digitap
ID: 34371957
thanks for the points!
0
