Techrunner

asked on

MPLS IP VPN Design

Hello Experts-
We have subscribed to MPLS IP VPN via a Service Provider to connect our branch offices with HQ.
We have been given a /30 subnet at HQ and at each office, and are running BGP between the CE router and the ISP. We are supposed to send the routes to the ISP, and then they will forward them via the MPLS cloud.

We want to install a firewall at the HQ between the MPLS router and the L3 switch.

I am just concerned about what routing protocol I should use between the MPLS router and the L3 switch at HQ so that all HQ hosts can reach the branch offices. Shall I use an IGP or static routes?
How to inject the routes from MPLS routes to the firewall? Is it advisable to run a routing protocol between them?
How can I achieve redundancy if a router or firewall fails in the HQ office?

I am attaching a basic design.
Any suggestions and comments are welcome.
Predrag Jovic

We are supposed to send the routes to the ISP, and then they will forward them via the MPLS cloud. Shall I use an IGP or static routes?
Sending routes to the ISP would mean that you are using a routing protocol between you and the ISP. Check with the ISP which routing protocol should be used (one that both companies can support).
How to inject the routes from MPLS routes to the firewall? Is it advisable to run a routing protocol between them?
Via the routing protocol that is agreed between you and the ISP. If you want, you can place a firewall, but you can just place an L3 switch if you want to (the typical scenario most of the time); that is your design decision.
How can I achieve redundancy if a router or firewall fails in the HQ office?
You can create backup encrypted VPN tunnel(s) via the internet in case the primary link fails.
Techrunner

ASKER

Sending routes to the ISP would mean that you are using a routing protocol between you and the ISP. Check with the ISP which routing protocol should be used (one that both companies can support).

EBGP is running between us and the ISP. I am receiving the routes from the branch office.

However, after the CE router I have installed the Cisco 5525-X Firewall, and this firewall is connected to our core L3 switch. In order to exchange the routes between the router and the firewall, do I need to use a routing protocol?

Is it a good design to install a firewall?

Appreciating your suggestions.
ASKER CERTIFIED SOLUTION
Predrag Jovic
This solution is only available to members.
Hi,
The firewall is in routed mode.
Shall I connect the ISP modem to the firewall or the router?