515e WAN Routing Question

Unanswered Question
Jul 19th, 2007

Hi,

I have two 515e's at different locations which are currently connected using an L2L VPN.

We have just had a managed BT MPLS link installed.

We gave BT our internal network ranges and they confirmed their side of the work has been completed.

What I want to do now is use the PIX at either end to route and connect the internal networks.

So far I have managed to establish connectivity between the 515e's on their 192.168.1.0/24 and 192.168.3.0/24 networks but am not sure where to go now?

I have posted the configs for both PIXes and would be really grateful if anyone could help.

Kind regards

J Mack

JBDanford2002 Sun, 07/22/2007 - 12:02

Where is the MPLS network located relative to the PIX firewalls? On the DMZ or the inside interface?

johnnymac Mon, 07/23/2007 - 00:36

Hi, they are located on spare ports the PIX has, so I guess that would be DMZ. The inside ints are connected to the internal LANs.

johnnymac Mon, 07/23/2007 - 05:28

All I really want to do is use the PIX as a router and send traffic from two internal LANs to each other via the MPLS line, while maintaining the outside interface for the internet.

Is it a case of the PIX just isn't built for this type of functionality?

Would I be best off just connecting the MPLS to a VLAN on a switch?

Some help would be much appreciated as I'm really stuck.

Regards

J Mack

JBDanford2002 Mon, 07/23/2007 - 16:00

If it is from the inside network (eth1) going to the DMZ (eth2) to get to the MPLS network then you should not have an issue. Are both sites set up this way? The problem occurs when (6.X and below) the networks are located off of the same interface. Sounds like you should be good to go in your scenario. All you will need is a translation and some rules. Are the networks you want to run via MPLS currently sent through the VPN?

johnnymac Tue, 07/24/2007 - 02:44

Hi,

It is; I want to route my internal networks to (eth3) in this case and over the MPLS to the PIX at the other end. They are exactly the same networks that are going through the VPN, which was a temporary solution.

Can you give me some pointers on the translation and rules?

Also, there is another remote site as per the attached diagram. At the moment I'm trying to connect A - B, and also hope to connect A - C over the MPLS.

Now the BT router has been installed at C but is not yet connected to the internal PIX. Will that be an issue connecting A - B, i.e. do all three sites have to be connected for the MPLS links to converge?

Thanks for your help

J Mack

johnnymac Wed, 07/25/2007 - 00:27

Could anyone suggest which NAT config and which rules I should use to achieve this?

Kind regards

J Mack
