MPLS Configuration on Cisco 1841 Router

Unanswered Question

Dear All,


I want some help in configuration.


We are having 2 Branches (1 Head office & 1 is Branch Office). We are having MPLS Connection between 2 Offices. I am having Internet Connection @ my Head office.


I want to connect two offices using MPLS Connection & Want my Brach OFfice LAN users should use Internet connection which is @ my Head office.


How to do this ?


& Also i am having Cisco ASA 5510 @ head office & Want to apply all the Restiction on Branch office LAN Users Also. Means All the Traffice of Head Office & Branch Office Should follow rules in ASA 5510.


How to do this ?



Please help me ....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ahalwani Tue, 11/30/2010 - 04:39
User Badges:

you don't need MPLS a simple tunnel is enough

Latchum Naidu Tue, 11/30/2010 - 05:03
User Badges:
  • Blue, 1500 points or more

Hi,


I hope the routers at your branch office is managed by you (i mean except the PE ones).

OR

You have only one router that is PE one and managing by provider?


If you have the router which is managing by you then you can route the internet traffic on to head office by configuring below in branch office router.


ip route 0.0.0.0 0.0.0.0 "head office firewall IP"


Make sure the head office firewall is reaching over MPLS first.


Regards,

Naidu.

Mohamed Sobair Tue, 11/30/2010 - 05:51
User Badges:
  • Gold, 750 points or more

Hi,



Well, the configuration depends, Do you have L3VPN MPLS connection between your 2 branches? if not what type of connection you have?


Also what is the current connection between your head office and branch office?




Regards,

Mohamed

Hi Naidu,


Thanks for reply.


Yes, The both the routers are managed by us only.


MPLS IP @ Head office : 10.1.22.21 - 10.1.22.22


INTERNET IP @ Head Office : 1.2.2.2 /30


Head office LAN : 192.168.0.0/24


MPLS IP @ Branch Office : 10.1.22.24 - 10.1.22.25


Brach Office LAN : 192.168.1.0 /24



@ My Head office Do i Need following  Routes:


ip route 0.0.0.0 0.0.0.0 1.2.2.2



Now Also i want to reach my Brach office LAN PCs..


So whats the route i have to add ?



& Whats is route to add to reach to internet which is @ Head office Through ASA ?




ranjit123 Tue, 11/30/2010 - 22:59
User Badges:

Dear Vinayak,


Are you configuring any proxy IP? if yes it should reach the Branch LAN from your Head office where ASA 5510 is situated.


On the ASA 5510 you can permit the LAN IP'S which are to be given internet access.


Regards,

Ranjit Shinde

ranjit123 Tue, 11/30/2010 - 23:13
User Badges:

HI!,


Can your Head Office and Branch office be segmented on the same LAN


as for eg 10.0.0.0/26 for head office and Branch LAN 10.0.0.64/26 for branch LAN


in turn you can apply policy for 10.0.0.0/24 Subnet itself.....


Regards,

Ranjit Shinde

Dear Ranjit,


My Head office LAN IP : 192.168.0.0/24


Brach Office LAN : 192.168.1.0 /24


We are having MPLS Connection between 2 sites. Through which i want my Brach Office LAN Should use Internet connection which is @ my Head office.



& Want both the sites should inter communicate.


Head Office Config :


Internet IP : 1.1.1.1


MPLS IP : 10.1.89.11 (my end)

                 10.1.89.10 (ISP End)


LAN IP : 192.168.0.0 /24


Brach Office Config :


MPLS IP : 10.1.89.14 (My END)

                 10.1.89.13 (ISP End)


LAN IP : 192.168.1.0 /24

ranjit123 Tue, 11/30/2010 - 23:36
User Badges:

Dear Vinayak,


So whats the Problem?


is your internet IP ie 1.1.1.1 reachable from the branch side.


where are you applying policies????


Regards,

ranjit123 Tue, 11/30/2010 - 23:56
User Badges:

Dear Vinayak,


If i am not wrong your Network Topology is as Below



Head Office <------------------------------>  MPLS Cloud <----------------------------------------> Branch Office


If this is tha above scenarion


then you have to advertise the LAN segement used at your head office from ther HEAD OFFICE MPLS Link in order for the them to reach Branch office.


(Which Protocol are you using ??? and how are you going to peer with the provider?)


From branch office you will have to only add a default route from the branch to reach the HEAD office.


Hope i am not confusing you.


Regards,

Latchum Naidu Wed, 12/01/2010 - 04:03
User Badges:
  • Blue, 1500 points or more

Hi Vinay,


The below IP details at your Head and Branch office...


MPLS IP @ Head office : 10.1.22.21 - 10.1.22.22
INTERNET IP @ Head Office : 1.2.2.2 /30
Head office LAN : 192.168.0.0/24
MPLS IP @ Branch Office : 10.1.22.24 - 10.1.22.25
Brach Office LAN : 192.168.1.0 /24


What is the MPLS router IP and the Management Vlan IP at your head office?

I hope you have a default route configured in your MPLS router at head office like below...

0.0.0.0 0.0.0.0 1.2.2.1


I guess your management VLAN IP at your head office is 192.168.0.1, is that right? If YES


Then you can add a default route like below at your branch office MPLS router to go to the internet traffic on to head office internet link....


0.0.0.0 0.0.0.0 192.168.0.1


Regards,

Naidu.

Dear Naidu,


@ My head office i terminated both (Internet & MPLS ) Links on same router.


head office Mpls Router IP is : 10.1.22.22


Branch Office MPLS Router IP is : 10.1.22.25

ASA (Default Gateway For Head office LAN) : 192.168.0.1


Is this possible that my BRANCH Office LAN Users can use Internet & follow ASA Rules @ my Head Office after this command :


0.0.0.0 0.0.0.0 192.168.0.1


Latchum Naidu Wed, 12/01/2010 - 05:12
User Badges:
  • Blue, 1500 points or more

Hi Vinay,


Yes, it should work please check and update...

And make sure the default gateway at head office LAN: 192.168.0.1 is reachinv over MPLS.


Regards,

Naidu.

Dear Naidu,


Thanks for Help..


I will let you know after this is done..


i just need to put a static route na:


Like :\


@ Head office to reach Brach Office LAN :


ip route 192.168.1.0 255.255.255.0 10.1.89.21


Default Route for internet : 0.0.0.0 0.0.0.0 1.1.1.1



@ Brach Office:


ip route 192.168.0.0 255.255.255.0 10.1.89.24


For Internet Access : 0.0.0.0 0.0.0.0 192.168.0.1


Is this right ?

Latchum Naidu Thu, 12/02/2010 - 01:29
User Badges:
  • Blue, 1500 points or more

Hi Vinay,


Yes, that should work out.

I hope you have already the static routes defined at your head office.

And only thing you have to do at branch office.


Is that correct?


Regards,

Naidu.

Actions

This Discussion