Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

VPN Routing Situation

Posted on 2012-04-02
2
Medium Priority
?
315 Views
Last Modified: 2012-05-08
Okay, we have in total we'll say 7 sites/locations. Two of these are managed by ourselves and the rest are managed by the ISP. The two that we manage (router 1 and router 2) are connected via a site-to-site/ipsec-l2l (one is an ASA 5510, one is an ASA 5505) and ONE (router 2) of these is also connected to a single ISP router via an additional site-to-site.

All of the ISP routers are connected in a mesh network using MPLS and we don't have any access to these. The local IP scheme in use is 192.168.1-8.xxx we'll say.

Assuming the ISP has their equiptment setup correctly, how will it be possible to make router 1 (and router 2 for that matter) communicate with the rest of the locations? I'm guessing I need to put some type of route in the ASA's like:

route inside 192.168.0.0 255.255.0.0 [isp_wanIP]

Can you even do static routes across a lan to lan VPN?
0
Comment
Question by:TechGuy_007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 

Expert Comment

by:Bassam_bnd
ID: 37798850
I think you need to access your ISP routers as will,
because the inversed route should configure on those routers.
0
 
LVL 26

Accepted Solution

by:
Fred Marshall earned 2000 total points
ID: 37799188
Well, first of all I'd just skip the VPN part (in concept for now) because you have an MPLS sort of connection and have the choice of using VPN or not, right?  I think the routing issues are similar.

I'm rather surprised that there are "ISP routers" involved but maybe I don't understand the setup yet.

In the MPLS setups that I'm familiar with, the ISP provides what really looks like a switch and all your sites plug into that switch in essence.

What we do with this is the following:

Set up a router at each site that's connected to the MPLS.
Set up an "interim subnet" that supports all the connections to the MPLS.
So, you might have:
192.168.100.101 to 192.168.100.107 for 7 sites all on the "ISP" or MPLS side of routers at each site.
Then on the LAN side of those routers you would have, let us say, subnets:
10.0.1.0 /24 through 10.0.7.0/24.
So, for example, one router would have
10.0.1.0/24 on the LAN side and 192.168.100.101 on the WAN side.
10.1.2.0/24 on the LAN side and 192.168.100.102 on the WAN side.
etc.

Each router will have routes going to each subnet via the router WAN addresses.
Each LAN gateway will have routes going to all the subnets pointing to its local interconnect router address such as 10.0.1.xxx.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question