VPN Routing Situation

Okay, we have in total we'll say 7 sites/locations. Two of these are managed by ourselves and the rest are managed by the ISP. The two that we manage (router 1 and router 2) are connected via a site-to-site/ipsec-l2l (one is an ASA 5510, one is an ASA 5505) and ONE (router 2) of these is also connected to a single ISP router via an additional site-to-site.

All of the ISP routers are connected in a mesh network using MPLS and we don't have any access to these. The local IP scheme in use is 192.168.1-8.xxx we'll say.

Assuming the ISP has their equiptment setup correctly, how will it be possible to make router 1 (and router 2 for that matter) communicate with the rest of the locations? I'm guessing I need to put some type of route in the ASA's like:

route inside [isp_wanIP]

Can you even do static routes across a lan to lan VPN?
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

Fred MarshallConnect With a Mentor PrincipalCommented:
Well, first of all I'd just skip the VPN part (in concept for now) because you have an MPLS sort of connection and have the choice of using VPN or not, right?  I think the routing issues are similar.

I'm rather surprised that there are "ISP routers" involved but maybe I don't understand the setup yet.

In the MPLS setups that I'm familiar with, the ISP provides what really looks like a switch and all your sites plug into that switch in essence.

What we do with this is the following:

Set up a router at each site that's connected to the MPLS.
Set up an "interim subnet" that supports all the connections to the MPLS.
So, you might have: to for 7 sites all on the "ISP" or MPLS side of routers at each site.
Then on the LAN side of those routers you would have, let us say, subnets: /24 through
So, for example, one router would have on the LAN side and on the WAN side. on the LAN side and on the WAN side.

Each router will have routes going to each subnet via the router WAN addresses.
Each LAN gateway will have routes going to all the subnets pointing to its local interconnect router address such as 10.0.1.xxx.
I think you need to access your ISP routers as will,
because the inversed route should configure on those routers.
All Courses

From novice to tech pro — start learning today.