Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1221
  • Last Modified:

Sonicwall NSA 240 and MPLS Routing Issue

First off, I've inherited a nightmare, and I'm not 100% sure what I want can be done.

I'm in the process of setting up an MPLS across 3 sites.  I've purchased 3 SonicWall NSA 240's to use in each location as firewalls.

Each site has two separate facilities.  
Site 1 - Network 192.168.51.x and 192.168.100.x
Site 2 - Network 192.168.52.x and 192.168.101.x
Site 3 - Network 192.168.50.x

Now to make things complicated.  the 192.168.100 and 101 networks should be able to see the entire network.   The 192.168.5x networks should not be able to see the 10x networks at all.

On the Provider Router there are 2 ports.  00/Internet 01/MPLS
Site 1 MPLS GW's are 51.254 and 100.254
Site 2 MPLS GW's are 52.254 and 101.254
Site 3 MPLS GW are 50.254

So on Site 1 and 2 Routers I assume I need to set 4 ports.
X0 - 5x LAN
X1 - 10x LAN
X2 - MPLS -> 01 on Provider Router
X3 - Internet -> 00 on Provider Router

I'm not sure how to set up Router to make all this work.  
Let me know if you have any ideas.
0
C_Parlato
Asked:
C_Parlato
  • 2
1 Solution
 
digitapCommented:
what i've done in this scenario is to setup the mpls network on its own ip network.  then, create routes using the gateway of the sonicwall that owns those networks.  once the mpls network is setup on its own zone you can use firewall acls to control the ip networks from accessing the other networks across the mpls network.
0
 
C_ParlatoAuthor Commented:
That's part of the answer digitap.  The MPLS network can't overlap into site network.  

Also, looks like I need to make a route that points traffic from the x2 port (MPLS Traffic) to the MPLS GW.   Then route all local traffic that needs to go through the MPLS to the x2 port.


0
 
digitapCommented:
correct...the MPLS could be something like 10.1.2.x/24.  Then, site one would be 10.1.2.1, Site 2 would be 10.1.2.2, etc.  are you saying that your MPLS network would not let all those ports be on the same IP subnet?


by the way, thanks for the points!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now