Solved

VPN Routing Situation

Posted on 2012-04-02
2
304 Views
Last Modified: 2012-05-08
Okay, we have in total we'll say 7 sites/locations. Two of these are managed by ourselves and the rest are managed by the ISP. The two that we manage (router 1 and router 2) are connected via a site-to-site/ipsec-l2l (one is an ASA 5510, one is an ASA 5505) and ONE (router 2) of these is also connected to a single ISP router via an additional site-to-site.

All of the ISP routers are connected in a mesh network using MPLS and we don't have any access to these. The local IP scheme in use is 192.168.1-8.xxx we'll say.

Assuming the ISP has their equiptment setup correctly, how will it be possible to make router 1 (and router 2 for that matter) communicate with the rest of the locations? I'm guessing I need to put some type of route in the ASA's like:

route inside 192.168.0.0 255.255.0.0 [isp_wanIP]

Can you even do static routes across a lan to lan VPN?
0
Comment
Question by:TechGuy_007
2 Comments
 

Expert Comment

by:Bassam_bnd
ID: 37798850
I think you need to access your ISP routers as will,
because the inversed route should configure on those routers.
0
 
LVL 25

Accepted Solution

by:
Fred Marshall earned 500 total points
ID: 37799188
Well, first of all I'd just skip the VPN part (in concept for now) because you have an MPLS sort of connection and have the choice of using VPN or not, right?  I think the routing issues are similar.

I'm rather surprised that there are "ISP routers" involved but maybe I don't understand the setup yet.

In the MPLS setups that I'm familiar with, the ISP provides what really looks like a switch and all your sites plug into that switch in essence.

What we do with this is the following:

Set up a router at each site that's connected to the MPLS.
Set up an "interim subnet" that supports all the connections to the MPLS.
So, you might have:
192.168.100.101 to 192.168.100.107 for 7 sites all on the "ISP" or MPLS side of routers at each site.
Then on the LAN side of those routers you would have, let us say, subnets:
10.0.1.0 /24 through 10.0.7.0/24.
So, for example, one router would have
10.0.1.0/24 on the LAN side and 192.168.100.101 on the WAN side.
10.1.2.0/24 on the LAN side and 192.168.100.102 on the WAN side.
etc.

Each router will have routes going to each subnet via the router WAN addresses.
Each LAN gateway will have routes going to all the subnets pointing to its local interconnect router address such as 10.0.1.xxx.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

815 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now