Solved

VPN Routing Situation

Posted on 2012-04-02
Last Modified: 2012-05-08
Okay, we have in total we'll say 7 sites/locations. Two of these are managed by ourselves and the rest are managed by the ISP. The two that we manage (router 1 and router 2) are connected via a site-to-site/ipsec-l2l (one is an ASA 5510, one is an ASA 5505) and ONE (router 2) of these is also connected to a single ISP router via an additional site-to-site.

All of the ISP routers are connected in a mesh network using MPLS and we don't have any access to these. The local IP scheme in use is 192.168.1-8.xxx we'll say.

Assuming the ISP has their equipment set up correctly, how will it be possible to make router 1 (and router 2 for that matter) communicate with the rest of the locations? I'm guessing I need to put some type of route in the ASAs like:

route inside 192.168.0.0 255.255.0.0 [isp_wanIP]

Can you even do static routes across a LAN-to-LAN VPN?
Question by:TechGuy_007
2 Comments
 

Expert Comment

by:Bassam_bnd
ID: 37798850
I think you need to access your ISP routers as well,
because the inverse route should be configured on those routers.

Accepted Solution

by:
Fred Marshall earned 500 total points
ID: 37799188
Well, first of all I'd just skip the VPN part (in concept for now) because you have an MPLS sort of connection and have the choice of using VPN or not, right?  I think the routing issues are similar.

I'm rather surprised that there are "ISP routers" involved but maybe I don't understand the setup yet.

In the MPLS setups that I'm familiar with, the ISP provides what really looks like a switch and all your sites plug into that switch in essence.

What we do with this is the following:

Set up a router at each site that's connected to the MPLS.
Set up an "interim subnet" that supports all the connections to the MPLS.
So, you might have:
192.168.100.101 to 192.168.100.107 for 7 sites all on the "ISP" or MPLS side of routers at each site.
Then on the LAN side of those routers you would have, let us say, subnets:
10.0.1.0/24 through 10.0.7.0/24.
So, for example, one router would have
10.0.1.0/24 on the LAN side and 192.168.100.101 on the WAN side.
10.1.2.0/24 on the LAN side and 192.168.100.102 on the WAN side.
etc.

Each router will have routes going to each subnet via the router WAN addresses.
Each LAN gateway will have routes going to all the subnets pointing to its local interconnect router address such as 10.0.1.xxx.
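
The addressing plan in the answer above, worked through as an added example that is not part of the original answer or anyone's production config: it builds each router's static routes for the 10.0.1.0/24 through 10.0.7.0/24 LANs via the 192.168.100.101 to 192.168.100.107 WAN addresses, renders them as ASA-style `route` lines, and flags site pairs where a missing return route would leave traffic one-way. The /24 mask on the interim subnet, the interface name `outside`, and all function names are assumptions.

```python
import ipaddress

SITES = range(1, 8)                                  # the 7 sites in the answer
INTERIM = ipaddress.ip_network("192.168.100.0/24")   # assumption: /24 interim subnet
WAN_IF = "outside"                                   # assumption: MPLS-facing interface name

def lan(n):
    """LAN subnet of site n in the answer's scheme."""
    return ipaddress.ip_network(f"10.0.{n}.0/24")

def wan(n):
    """WAN (interim subnet) address of site n's router."""
    return ipaddress.ip_address(f"192.168.100.{100 + n}")

def build_tables():
    """Per-router static routes: every other site's LAN via that site's WAN address."""
    return {s: [(lan(d), wan(d)) for d in SITES if d != s] for s in SITES}

def asa_routes(site, tables):
    """Render one router's table as ASA-style 'route' commands."""
    return [f"route {WAN_IF} {net.network_address} {net.netmask} {gw}"
            for net, gw in tables[site]]

def one_way_pairs(tables):
    """Return (src, dst) pairs where src's router has no usable route to dst's LAN."""
    broken = []
    for src in SITES:
        for dst in SITES:
            if src == dst:
                continue
            # Usable: covers dst's LAN and points at dst's router on the interim subnet.
            ok = any(lan(dst).subnet_of(net) and gw == wan(dst) and gw in INTERIM
                     for net, gw in tables[src])
            if not ok:
                broken.append((src, dst))
    return broken

if __name__ == "__main__":
    tables = build_tables()
    print("\n".join(asa_routes(1, tables)))
    # Constructed fault: site 2 loses its route back to site 1, so packets
    # from site 1 arrive at site 2 but the replies have nowhere to go.
    tables[2] = [r for r in tables[2] if r[0] != lan(1)]
    print(one_way_pairs(tables))
```
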