routing to MPLS network

Answered Question
Jan 8th, 2008

Hi,

We have several branch offices connected via a managed MPLS network. Each MPLS router in the branch office is connected to the local LAN switch, with its separate firewall and internet access router. How do we direct traffic from the local network (unmanaged) to the private IP addresses in the MPLS network (managed)? Can static routes be configured on the ASA5505 firewall to route traffic to the MPLS router?

ISP router>local router>ASA5505 firewall>LAN switch>MPLS router>MPLS cloud.

Jon Marshall Tue, 01/08/2008 - 23:55

Hi

What is the default-gateway of the clients on the LAN switch set to? If it is the ASA5505, then you could add a route on the ASA pointing back to the MPLS router. Going in and out on an ASA interface is called hairpinning and it is possible.

Alternatively, you could make the default-gateway the MPLS router, and any traffic not destined for the private addresses in the MPLS network gets routed back to the ASA.

Which one to use depends on how much traffic is sent to the MPLS private addresses vs sent to the Internet.

HTH

Jon

saidfrh Wed, 01/09/2008 - 03:57

Jon,

Thanks. The new network is being configured and will be put into production next month. I have not gotten to configuring the LAN switch yet. My guess is that 50% of the traffic would be accessing the resources in the MPLS network and 50% would be directed to the internet.

The MPLS router is managed by the ISP. We do not have access to the MPLS router. How and where is your second suggestion configured? "...any traffic not destined for the private addresses in the MPLS network get routed back to the ASA."

Thanks.

Said

Jon Marshall Wed, 01/09/2008 - 04:03

Said

Is the LAN switch layer 2 only or layer 3 capable? If you do not have access to the MPLS router, you have 2 options:

1) Add a route on the ASA for the private MPLS networks pointing to the MPLS router. You will need to enable hairpinning on the ASA.

Set the default-gateway of the clients on your LAN switch to be the ASA.

2) If your switch is a Layer 3 switch then you can do this in a much cleaner way. Create the L3 vlan interface(s) for the client vlan(s) on the switch and then you can use statics on the L3 switch, e.g.

ip route 0.0.0.0 0.0.0.0 "ASA inside interface"

ip route "MPLS private net" "subnet mask" "MPLS router inside interface"

Jon

saidfrh Wed, 01/09/2008 - 04:26

Jon,

The branch office networks will have layer 2 LAN switches. All hosts will be on 1 VLAN.

The Corp LAN switch will be a layer 3 switch with several VLANs assigned.

I am confused about your second suggestion. The VLANs on the Corp L3 switch would be for subnets in the local location. The MPLS network will include the servers' IPs at Corp and the rest of the networks. This is my first professional/production experience. Could you elaborate on the second suggestion?

Thanks.

Said

Correct Answer
Jon Marshall Wed, 01/09/2008 - 04:52

Said

Sorry to confuse you, I was talking about a branch office with a L3 switch, but as you only have L2 switches in your branch offices and you have no control over the MPLS router, you will need to modify the ASA as previously suggested.

Does this make sense?

Jon
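
The ASA-side change suggested in this thread (a static route to the MPLS router plus hairpinning), written out as an added example that is not part of any poster's reply. All addresses, the interface name `inside` and the test host are constructed assumptions; substitute the values for your own site.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   LAN subnet, shared by clients, ASA and MPLS router : 192.168.10.0/24
!   ASA inside interface (clients' default gateway)    : 192.168.10.1
!   MPLS router LAN-side address                       : 192.168.10.254
!   Private networks reachable through the MPLS cloud  : 10.0.0.0/8
!
! 1) Static route: traffic for the MPLS private networks is sent back out
!    the inside interface toward the MPLS router instead of following the
!    default route to the Internet.
route inside 10.0.0.0 255.0.0.0 192.168.10.254 1
!
! 2) Hairpinning: by default the ASA drops traffic that would leave through
!    the interface it arrived on. This permits it.
same-security-traffic permit intra-interface
!
! 3) Verification from the ASA CLI.
!    Confirm the static route is installed:
show route
!    Simulate a client (192.168.10.50, constructed) opening TCP/80 to a host
!    behind the MPLS cloud (10.1.1.10, constructed) and check that the
!    result is "allow" with output interface "inside":
packet-tracer input inside tcp 192.168.10.50 12345 10.1.1.10 80
```

If a dynamic NAT rule covers the LAN subnet, the hairpinned flows also need a NAT exemption, and its syntax depends on the ASA software version. Because the MPLS router sits on the same subnet as the clients, replies return to the clients directly without crossing the ASA, so test real TCP sessions end to end and not just the route lookup.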
