Site to site VPN routing question


We'd like to set up a VPN to one of our remote sites. Currently this site is part of our corporate MPLS network. There is a static route configured on our corporate router sending core traffic to this site's subnet.


At this remote site we've also set up a DSL connection with a VPN-capable Linksys router. Basically we want to peel off this site from our MPLS network and set up a site-to-site VPN through our internet router which allows core traffic to flow through the tunnel.


Do we need to remove the static route from the corporate router, or will the tunnel allow corporate traffic to flow properly?



John Blakley Wed, 02/11/2009 - 12:07

If you'll be getting this location off of your MPLS completely, I would think that you would need to get rid of your static route. Do you run any routing protocols?


HTH,


John

No, we're not running any routing protocols. I think all I need to do is get rid of that static route and set up the VPN. We're already running remote access VPN to our concentrator, and our firewall is open to the correct ports.


I wonder if there are any white papers or documentation on Cisco. I would think this scenario is fairly common.

Rick Morris Wed, 02/11/2009 - 13:31

Forgive me for putting it this way, I do not mean to sound rude.


If you remove this site from your MPLS network and the static route sends this traffic out to the site through the MPLS cloud, then if you don't remove the static route then how do you think traffic will get to the new VPN link?


You will need to point your routes to the VPN link and not the MPLS cloud. As mentioned in the last post, I would recommend running some routing protocol; that way the site will advertise the networks it has, and dynamic routing will allow for traffic flow based on the routing table that is populated via the routing protocol, i.e. EIGRP or OSPF.
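
The routing point made in the replies above, as an added example that is not part of any post in the thread: the route lookup happens before any tunnel is involved, so a static route that still points into the MPLS cloud keeps traffic away from the VPN router. All prefixes, next hops and function names below are constructed for illustration, and a default route toward the internet router is an assumption.

```python
import ipaddress

# Constructed addressing for illustration; none of it comes from the thread.
SITE = "10.20.30.0/24"      # remote site's subnet
MPLS_HOP = "172.16.0.1"     # next hop into the MPLS cloud
VPN_HOP = "172.16.0.254"    # internet router that terminates the tunnel


def lookup(table, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    net, nh = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), nh


def stale_routes(table, site, vpn_hop):
    """Routes that win the lookup for some address in `site` but do not
    forward to the VPN router, so that traffic never reaches the tunnel."""
    bad = set()
    for addr in ipaddress.ip_network(site):
        best = lookup(table, str(addr))
        if best is None:
            bad.add(("no route", "drop"))
        elif best[1] != vpn_hop:
            bad.add(best)
    return sorted(bad)


# Corporate router tables (constructed): static route left in place,
# static route removed, static route re-pointed, and a forgotten /25.
BEFORE = [("0.0.0.0/0", VPN_HOP), (SITE, MPLS_HOP)]
REMOVED = [("0.0.0.0/0", VPN_HOP)]
REPOINTED = [("0.0.0.0/0", VPN_HOP), (SITE, VPN_HOP)]
LEFTOVER = REPOINTED + [("10.20.30.128/25", MPLS_HOP)]

if __name__ == "__main__":
    for name, table in [("before", BEFORE), ("removed", REMOVED),
                        ("repointed", REPOINTED), ("leftover", LEFTOVER)]:
        print(name, lookup(table, "10.20.30.200"),
              stale_routes(table, SITE, VPN_HOP))
```

The `LEFTOVER` case is the one worth checking for after a migration: a more specific route that was missed still wins the lookup for half the subnet even though the /24 has been re-pointed.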
