
DNS

saquib.tandel
Level 1

Hello

Site_A connects to Site_B over a service provider MPLS network.

Email_Server/Portal_Srv is located in Site_B.

When MPLS is down, Site_A cannot access Email_Server & Portal_Srv.

DNS entry of Email_Server: 10.1.1.100 & Portal_Srv: 10.1.1.50

Both Email & Portal are published servers on the Internet.

Site_A has an Internet link, but users still cannot access Email & Portal (the local DNS server resolves names to the private range).

If a user is outside the office campus, then Email and Portal work.

What are my options to make it work?

Thanks


Nagaraja Thanthry
Cisco Employee

Hello,

One of the easiest solutions will be to just use the public IP for email/portal server access. But I realize that it will affect your overall email/portal server access performance. The other solution that is easily doable is to configure a site-to-site VPN tunnel between the two edge routers over the internet. Then you can configure route-tracking on both ends so that when the MPLS link goes down, the traffic goes via the VPN connection over the internet. This way, you will have connectivity between Site A and Site B when the MPLS connection goes down.

Hope this helps.

Regards,

NT

Hi

Site to Site VPN is the only visible option (GRE over IPsec).

Should MPLS and VPN be on the same router or on different ones?

Currently the users' default gateway is the MPLS router.

Endpoints (users) are connected to a non-Cisco switch.

Hello,

If your MPLS router is also connected to internet, then you can configure VPN tunnels on that one. If not, you can configure it on a different router, but make sure that you have floating static routes on the MPLS router for the remote subnets and those will go away when the MPLS network goes down.

Hope this helps.

Regards,

NT

Hi

The MPLS RTR is not connected to the Internet.

How do I set up floating static routes on MPLS?

Another question: the default gateway for users is the MPLS router, so how would the traffic be forwarded to another router (the VPN router)?

Hello,

Here is an example configuration:

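! LAN-side addressing: one interface towards MPLS, one towards the VPN router
interface FastEthernet 0/0
 description MPLS_Link
 ip address 10.1.1.1 255.255.255.0
 exit
!
interface FastEthernet 0/1
 description Connection to VPN Router
 ip address 10.2.2.2 255.255.255.0
 exit
!
! IP SLA probe: ICMP echo every 3 seconds with a 1000 ms timeout
ip sla monitor 1
 ! the echo probe requires a destination address; the original post omits it,
 ! so <probe-target-ip> is a placeholder for an address reachable only via MPLS
 type echo protocol ipIcmpEcho <probe-target-ip>
 timeout 1000
 frequency 3
 threshold 2
 exit
!
ip sla monitor schedule 1 life forever start-time now
!
! Track object 123 follows the reachability result of probe 1
track 123 rtr 1 reachability
!
! Primary default route via MPLS, installed only while track 123 is up
ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123
! Floating default route via the VPN router (administrative distance 254)
ip route 0.0.0.0 0.0.0.0 10.2.2.125 254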

You need to make sure that you have connectivity between the VPN router and the MPLS Router. The second route statement in the example will ensure that when the MPLS connection is down, all traffic will be forwarded to the VPN router.

Hope this helps.

Regards,

NT
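
As an added illustration (not part of NT's reply and not Cisco code), this Python model parses the two `ip route` lines from the configuration above and replays the state of track object 123 to show which next hop ends up installed. The destination 192.0.2.10 is a constructed sample, and only the route forms used in the post (next hop, optional distance, optional `track N`) are parsed.

```python
import ipaddress

# The two static routes from the reply above, copied as posted.
CONFIG = """\
ip route 0.0.0.0 0.0.0.0 10.1.1.242 track 123
ip route 0.0.0.0 0.0.0.0 10.2.2.125 254
"""

def parse_routes(config):
    """Parse 'ip route <prefix> <mask> <next-hop> [distance] [track N]' lines.
    Assumption: no interface, name or tag keywords, as in the post."""
    routes = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:2] != ["ip", "route"] or len(tok) < 5:
            continue
        route = {"net": ipaddress.ip_network(f"{tok[2]}/{tok[3]}"),
                 "next_hop": tok[4], "distance": 1, "track": None}
        rest = tok[5:]
        if rest and rest[0].isdigit():          # explicit administrative distance
            route["distance"] = int(rest.pop(0))
        if len(rest) >= 2 and rest[0] == "track":
            route["track"] = int(rest[1])
        routes.append(route)
    return routes

def installed_next_hops(routes, dest, track_up):
    """A tracked route is a candidate only while its track object is up;
    among candidates, longest prefix wins, then lowest distance."""
    ip = ipaddress.ip_address(dest)
    live = [r for r in routes if ip in r["net"]
            and (r["track"] is None or track_up.get(r["track"], False))]
    if not live:
        return []
    best = max(r["net"].prefixlen for r in live)
    live = [r for r in live if r["net"].prefixlen == best]
    low = min(r["distance"] for r in live)
    return sorted(r["next_hop"] for r in live if r["distance"] == low)

def replay(probe_results, config=CONFIG, dest="192.0.2.10", track=123):
    """Replay probe outcomes (True = echo reply received) for one destination."""
    routes = parse_routes(config)
    return [installed_next_hops(routes, dest, {track: ok}) for ok in probe_results]

if __name__ == "__main__":
    for ok, hops in zip([True, False, True], replay([True, False, True])):
        print("MPLS probe", "up  " if ok else "down", "->", hops)
```

Removing the `254` from the second route makes both next hops eligible whenever the probe succeeds, so the backup path is no longer a standby; the high distance is what keeps traffic off the VPN router until the tracked route is withdrawn.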

Thanks NT for the config.

I've got a couple of questions:

(1) Is it possible to use a dynamic routing protocol instead of static as per your config?

      (Example: if a new service is added on Main_site on a different VLAN, then a static entry would be needed in the branch office.)

(2) Is it possible to terminate both VPN and MPLS on the same router and have automatic failover?

     If MPLS is down, then all traffic goes via VPN.

     When MPLS is up, traffic goes back again via MPLS instead of VPN.
