Solved

Transitioning from VPN tunnels to MPLS with Sonicwall as router and gateway

Posted on 2011-09-20
Last Modified: 2012-05-12
Hi guys,

I have a new project and would like some input. I have basic network understanding but I think that I'm in over my head with the new project. We have 10 locations, one main location and 9 sites connected back to main with VPN. All sites are using TZ100 and the main site is using an NSA3500 with the latest sonicwall firmware. We are bringing in new MPLS circuits to all the locations. This is what I need help with. All the sites are coded with a 192.168.X.1/24 subnet. Main office is 192.168.1.1/24. The NSA3500 will stay the gateway and router for a FIOS 50/20 internet connection. MPLS circuits are private. I will need to transition the sites from VPN to MPLS one by one. If needed I can change the site IP scheme at any site.

Question: How should I set the MPLS router IP and how should I connect it to the NSA3500? I have an extra interface (X5) not in use on the NSA that I was thinking about dedicating to the MPLS route. Now what IP could I assign to the main office router X5 interface? Once I transition one site from VPN to MPLS, how is the routing going to work? For example, how can I tell the NSA that site 1 is not going to be 192.168.X.0 through VPN but will be 192.168.Y.0 and will be going through interface X5 instead...

Any advice would be great!
LVL 32

Expert Comment

by:harbor235
ID: 36572944

So is the MPLS router managed by you or the service provider?

Are you running a routing protocol? Which one?

The outside interface or peering interface with the provider PE router should be using a different IP range for peering? The inside router interface should be connected to a route to the 192.168.x.x/24 net.

harbor235 ;}
0
 

Author Comment

by:Information Technology
ID: 36573653
Hi, here is what I know for sure: the MPLS network and routers are managed by the service provider and they will take care of making modifications and updating the routes according to our request.

I am not running any specific routing protocol besides what comes standard with the sonicwall. As far as the routes, I think the sonicwall created all of them when I added all the VPN tunnels.

I'm kind of wondering if I just add the routes manually on the sonicwall and tell it for each network to go to a specific interface if that's going to work. For example, what if I assign 192.168.3.1 for the X5 interface and 192.168.3.2 for the MPLS router, then all the other sites connected to the MPLS router will have something like 192.168.X.X/24, does the IP I assign to the X5 interface and MPLS router matter besides that they need to be from a different subnet than any other subnets that are assigned to the VPN? (Gosh I hope I am not making this seem more complicated than it is...)
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 500 total points
ID: 36573809


I am not a SONICWALL (SW) guy but I am sure it must run a routing protocol. Why not configure dynamic routing and exchange routes with all your other SWs?


                      Rest of sites

  192.168.3.0/24--SW3-- MPLS cloud ------SW2---192.168.2.0/24
                            |
                            | (ext interface IP?)
                           SW1
                            |
                     192.168.1.0/24

So the SWs should have another network defined for the MPLS-facing interface. If you do not control the CE then you still have another network defined that connects to the CE, see below:

                       MPLS cloud
                            |
                           CE
                            |
                           SWX
                            |
                     192.168.X.0/24

In this case you may need to just tell the service provider that you want to advertise the 192.168.x.0/24 to all other sites. In this case you may just have an aggregate route point from the SW to the CE. Make sense? Is this what you have?


harbor235 ;}
0

 

Author Comment

by:Information Technology
ID: 36573822
It makes sense and maybe I should enable routing on the SW. For now all the routing protocols are turned off on all the interfaces but I could turn RIP on. I will have a few MPLS sites running in a few days and will do some testing. At least it's not like I have to do the cut over tomorrow :).
0
 
LVL 32

Expert Comment

by:harbor235
ID: 36573917

Well you could have a default route to the CE and the service provider is managing your routing?
First step is to call them, tell them what you need and see if they can implement or advise you on your next step. If they manage your CE then this should be part of what you are paying for.

Let me know how I can help out?

harbor235 ;}
0
 

Author Comment

by:Information Technology
ID: 37094197
After more reflection, this is what we ended up doing:

Set another gateway on the LAN with IP *.*.*.254 for all MPLS traffic.
Create a custom route on the main sonicwall and remote sonicwall to send appropriate traffic through the MPLS network. So far it's working great.
0
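The staged cut-over discussed in this thread, modelled as an added example (not code from any poster and not SonicOS configuration): it checks a proposed X5/MPLS transit subnet for overlap with site LANs and shows which path a destination takes while some sites are on MPLS and others still on VPN. Assumptions: sites are numbered 1-10 on 192.168.X.0/24, the MPLS gateway is 192.168.1.254 on the main LAN, the interface labels are illustrative, and route selection is a generic longest-prefix match rather than SonicWall's own route-policy evaluation.

```python
import ipaddress

# Constructed plan based on the thread: every location is 192.168.X.0/24 and
# the main office is 192.168.1.0/24. Numbering the sites 1-10 is an assumption.
SITES = {f"site{n}": ipaddress.ip_network(f"192.168.{n}.0/24") for n in range(1, 11)}
MAIN = "site1"

def transit_conflicts(transit, sites=SITES):
    """Names of sites whose LAN overlaps a proposed X5/MPLS transit subnet."""
    transit = ipaddress.ip_network(transit)
    return sorted(name for name, net in sites.items() if net.overlaps(transit))

def build_routes(migrated, mpls_gateway, sites=SITES):
    """Main-office route table: migrated sites point at the MPLS gateway,
    all other sites keep their VPN tunnel. Interface labels are illustrative."""
    gateway = ipaddress.ip_address(mpls_gateway)
    if gateway not in sites[MAIN]:
        raise ValueError("next hop must sit on a directly connected subnet")
    routes = [(ipaddress.ip_network("0.0.0.0/0"), "isp", "WAN")]
    for name, net in sites.items():
        if name == MAIN:
            routes.append((net, "connected", "LAN"))
        elif name in migrated:
            routes.append((net, str(gateway), "MPLS"))
        else:
            routes.append((net, "tunnel", f"VPN-{name}"))
    return routes

def lookup(routes, dest):
    """Generic longest-prefix match over (network, next_hop, path) routes."""
    dest = ipaddress.ip_address(dest)
    return max((r for r in routes if dest in r[0]), key=lambda r: r[0].prefixlen)

if __name__ == "__main__":
    print(transit_conflicts("192.168.3.0/24"))   # the X5 addressing floated in the thread
    routes = build_routes({"site2"}, "192.168.1.254")
    for ip in ("192.168.2.10", "192.168.4.10", "8.8.8.8"):
        print(ip, "->", lookup(routes, ip)[1:])
```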
 

Author Closing Comment

by:Information Technology
ID: 37094199
Had to play around with the sonicwall specific options. Works great now.
0
