• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 893
  • Last Modified:

Adding Redundancy with MPLS and Sonic Firewall

I'm searching their db to see if there are any other solutions resembling the issue I'm trying to get a solution for. Below you will notice the setup; not the most ideal solution; but in a nutshell

The CISCO routers are managed by the carrier additionally the carrier has the Cisco devices programmed so that if MPLS link goes down on the WAN side route all traffic back to the LAN side of the Cisco which will forward all traffic to the X0 interface IP of the Sonicwall. The Sonicwall has VPN tunnels configured from remote to HQ site in this case let's say HQ is 10.0.13.0  

The default gateway for all clients in a node will be the Cisco (CE) device. problem is that when we test failover to the Sonicwall the Cisco sends traffic to the Sonicwall; but the Sonicwall will not receive a response back from the remote Sonicwall I believe the end node may be trying to route the information via the MPLS network at HQ since all clients are programmed for the CISCO to be the default gateway. If I set all clients to route traffic to the Sonicwall as a default would I be able to configure 2 redundant routes and if link is down failover to the VPN tunnel as secondary?
 

 MPLS Config
0
GridLock137
Asked:
GridLock137
  • 2
  • 2
1 Solution
 
digitapCommented:
alot of times it would depend on how the connection goes down.  i would assume if the mpls goes down and both sides are using the cisco as the default route, then this "down" condition would be coordinated.  so, each cisco would route their traffic to the sonicwalls.  the sonicwalls would have their VPNs up and traffic would route.  it's supposed to happen this way or at least how you expect it to happen?

there is a way to setup to gateways and configure a route to be disabled if the interface goes offline.  however, in this case, you might have some challenges if the cisco router stays online but the mpls "down" issue is beyond the cisco router and the sonicwall can't detect that.
0
 
GridLock137Author Commented:
Found this to be the solution for the current topology  http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8445

would this work?
0
 
digitapCommented:
that's describing your situation exactly.  it's what i would have recommended.  i've not come across this configuration before.
0
 
GridLock137Author Commented:
quick one I guess
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now