07-24-2010 09:31 AM - edited 03-04-2019 09:10 AM
Hello
Site_A connects to Site_B over a serviceprovider MPLS network.
Email_Server/Portal_Srv is located in Site_B.
When MPLS is down, site_A cannot access email_Server & Portal_Srv
DNS Entry of Email_Server : 10.1.1.100 & Portal_Srv : 10.1.1.50
Both Email & Portal are published server's on Internet.
Site_A have Internet link but still users cannot access Email & Portal ( local DNS Server resolve names to private range )
If user is outside office campusthen Email and Portal works.
what are my options to make it work.
Thansk
07-25-2010 10:21 AM
Hello,
One of the easiest solution will be to just use public IP for email/portal server access. But I realize that it will affect your overall email/portal server access performance. The other solution that is easily doable is to configure a site-to-site VPN tunnel between the two edge routers over the internet. Then you can configure route-tracking on both ends so that when the MPLS link goes down, the traffic goes via the VPN connection over the internet. This way, you will have connectivity between Site A and Site B when the MPLS connection goes down.
Hope this helps.
Regards,
NT
07-25-2010 10:33 AM
Hi
Site to Site VPN is only visible option. ( GRE over IPSEC )
Should MPLS and VPN be on the same router or different.
Currently users default Gateway is MPLS Router.
Endpoints (users) are connected to non-cisco switch
07-25-2010 02:52 PM
Hello,
If your MPLS router is also connected to internet, then you can configure
VPN tunnels on that one. If not, you can configure it on a different router,
but make sure that you have floating static routes on the MPLS router for
the remote subnets and those will go away when the MPLS network goes down.
Hope this helps.
Regards,
NT
07-26-2010 12:41 AM
Hi
MPLS RTR is not connected over INTERNET.
How do i setup floating static routes on MPLS.
Another Queston >: Default_GW for user in MPLS, how the traffic would forward to another router ( VPN Router)
07-26-2010 06:50 AM
Hello,
Here is an example configuration:
interface FastEthernet 0/0
description MPLS_Link
ip address 10.1.1.1 255.255.255.0
exit
interface FastEthernet 0/1
description Connection to VPN Router
ip address 10.2.2.2 255.255.255.0
exit
ip sla monitor 1
type echo protocol ipIcmpEcho
timeout 1000
frequency 3
threshold 2
exit
ip sla monitor schedule 1 life forever start-time now
track 123 rtr 1 reachability
ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123
ip route 0.0.0.0 0.0.0.0 10.2.2.125 254
You need to make sure that you have connectivity between the VPN router and
the MPLS Router. The second route statement in the example will ensure that
when the MPLS connection is down, all traffic will be forwarded to the VPN
router.
Hope this helps.
Regards,
NT
07-26-2010 10:45 PM
Thanks NT for the config.
I got couple of question
(1) Is it possible to use dynamic routing protocol instead of staitc as per your config.
( example : if new service is added on Main_site on different vlan then static entry would be needed in branch office )
(2) Is it possible to terminated both VPN and MPLS on same router and have automatic failover ;
if MPLS is down then all traffic goes via VPN
When MPLS is up traffic goes back again via MPLS instead of VPN
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: