Solved

Adding Redundancy with MPLS and Sonic Firewall

Posted on 2011-02-23
4
865 Views
Last Modified: 2013-11-16
I'm searching their db to see if there are any other solutions resembling the issue I'm trying to get a solution for. Below you will notice the setup; not the most ideal solution; but in a nutshell

The CISCO routers are managed by the carrier additionally the carrier has the Cisco devices programmed so that if MPLS link goes down on the WAN side route all traffic back to the LAN side of the Cisco which will forward all traffic to the X0 interface IP of the Sonicwall. The Sonicwall has VPN tunnels configured from remote to HQ site in this case let's say HQ is 10.0.13.0  

The default gateway for all clients in a node will be the Cisco (CE) device. problem is that when we test failover to the Sonicwall the Cisco sends traffic to the Sonicwall; but the Sonicwall will not receive a response back from the remote Sonicwall I believe the end node may be trying to route the information via the MPLS network at HQ since all clients are programmed for the CISCO to be the default gateway. If I set all clients to route traffic to the Sonicwall as a default would I be able to configure 2 redundant routes and if link is down failover to the VPN tunnel as secondary?
 

 MPLS Config
0
Comment
Question by:GridLock137
  • 2
  • 2
4 Comments
 
LVL 33

Expert Comment

by:digitap
ID: 34964955
alot of times it would depend on how the connection goes down.  i would assume if the mpls goes down and both sides are using the cisco as the default route, then this "down" condition would be coordinated.  so, each cisco would route their traffic to the sonicwalls.  the sonicwalls would have their VPNs up and traffic would route.  it's supposed to happen this way or at least how you expect it to happen?

there is a way to setup to gateways and configure a route to be disabled if the interface goes offline.  however, in this case, you might have some challenges if the cisco router stays online but the mpls "down" issue is beyond the cisco router and the sonicwall can't detect that.
0
 
LVL 7

Accepted Solution

by:
GridLock137 earned 0 total points
ID: 34965034
Found this to be the solution for the current topology  http://www.fuzeqna.com/sonicwallkb/consumer/kbdetail.asp?kbid=8445

would this work?
0
 
LVL 33

Expert Comment

by:digitap
ID: 34965087
that's describing your situation exactly.  it's what i would have recommended.  i've not come across this configuration before.
0
 
LVL 7

Author Closing Comment

by:GridLock137
ID: 34995513
quick one I guess
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now