Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Adding Redundancy with MPLS and Sonic Firewall

Posted on 2011-02-23
4
Medium Priority
?
889 Views
Last Modified: 2013-11-16
I'm searching their db to see if there are any other solutions resembling the issue I'm trying to get a solution for. Below you will notice the setup; not the most ideal solution; but in a nutshell

The CISCO routers are managed by the carrier additionally the carrier has the Cisco devices programmed so that if MPLS link goes down on the WAN side route all traffic back to the LAN side of the Cisco which will forward all traffic to the X0 interface IP of the Sonicwall. The Sonicwall has VPN tunnels configured from remote to HQ site in this case let's say HQ is 10.0.13.0  

The default gateway for all clients in a node will be the Cisco (CE) device. problem is that when we test failover to the Sonicwall the Cisco sends traffic to the Sonicwall; but the Sonicwall will not receive a response back from the remote Sonicwall I believe the end node may be trying to route the information via the MPLS network at HQ since all clients are programmed for the CISCO to be the default gateway. If I set all clients to route traffic to the Sonicwall as a default would I be able to configure 2 redundant routes and if link is down failover to the VPN tunnel as secondary?
 

 MPLS Config
0
Comment
Question by:GridLock137
  • 2
  • 2
4 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 34964955
alot of times it would depend on how the connection goes down.  i would assume if the mpls goes down and both sides are using the cisco as the default route, then this "down" condition would be coordinated.  so, each cisco would route their traffic to the sonicwalls.  the sonicwalls would have their VPNs up and traffic would route.  it's supposed to happen this way or at least how you expect it to happen?

there is a way to setup to gateways and configure a route to be disabled if the interface goes offline.  however, in this case, you might have some challenges if the cisco router stays online but the mpls "down" issue is beyond the cisco router and the sonicwall can't detect that.
0
 
LVL 7

Accepted Solution

by:
GridLock137 earned 0 total points
ID: 34965034
Found this to be the solution for the current topology  http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8445

would this work?
0
 
LVL 33

Expert Comment

by:digitap
ID: 34965087
that's describing your situation exactly.  it's what i would have recommended.  i've not come across this configuration before.
0
 
LVL 7

Author Closing Comment

by:GridLock137
ID: 34995513
quick one I guess
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question