Cisco Support Community

New Member

easy for some, hard for me...MPLS and LAN

Based on the attached diagram, I need site 2's pc to use site 1's firewall for internet access. If you had 2 factory fresh L3 poe switches, how would you program them to get the needed results?

PS anything on the diagram can be changed (IP addresses, GWs, VLANs, etc.)


Accepted Solutions

Re: easy for some, hard for me...MPLS and LAN

Easiest way is to just have your default route on your site 2 MPLS router point to the site 1 MPLS router. This way any subnets the router doesn't know about (such as the Internet) will get sent to site 1 and then out of the firewall.

Sent from Cisco Technical Support iPhone App

15 REPLIES


Re: easy for some, hard for me...MPLS and LAN

Are you using a dynamic routing protocol like OSPF at both sites? What the first poster suggested is correct, but you may need to have site one advertise the default route into the MPLS so site two can pick it up.


If this post answers your question or is helpful, please consider rating it and/or marking as answered.
New Member

Re: easy for some, hard for me...MPLS and LAN

I have no idea. I guess I would have to ask the MPLS providers that (they manage the MPLS routers)?

Re: easy for some, hard for me...MPLS and LAN

What are you using on your LAN for a routing protocol?  Are you just using static routes at both sites?  If you are, you can try just making Site B's default route the same as Site A's.  Try pinging the Site A firewall from one of the PCs at Site 2 and make sure you can get to it.  You may have to make sure the firewall allows echo reply on the inside interface.  If you can get to it you might try doing something like the below on your switch at site 2:

ip route 0.0.0.0 0.0.0.0 x.x.x.x <---Site 1 GW, your firewall?

HTH

New Member

easy for some, hard for me...MPLS and LAN

yes, on site A's switch, I have 0.0.0.0 0.0.0.0 to 192.168.1.5 (the sonicwall firewall)

The odd part is that I can ping a PC directly connected to site A's switch from a PC on site B, but I cannot ping the firewall directly connected to the switch on Site A from the PC on Site B. (I can however ping the firewall from both the switch and the PC on site A)

easy for some, hard for me...MPLS and LAN

Check the routing tables on your firewall.  Make sure there is a route to Site B.  It sounds like your firewall might not know that Site B is "inside" instead of "outside".  So when you ping the inside interface of your firewall from Site B, it's sending the reply to its default router - the outside.  You may need to put a couple of static route statements on your firewall like:

route 192.138.4.0/24 inside

route 10.14.2.0/24 inside

I have no idea of the syntax for Sonicwall's so you'll have to figure that part out. 


easy for some, hard for me...MPLS and LAN

One thing that you should check is that the SonicWall firewall has a route back to the subnet in site B.

Most likely the traffic is making it to the firewall but because the SonicWall doesn't have a route it tries to send it out of its default route.

Also check rules that you can actually ping the firewall from that subnet.

New Member

easy for some, hard for me...MPLS and LAN

ok, I'm getting closer. I added the route 192.168.4.0 255.255.255.0 --> 192.168.1.254 on the sonicwall. Now I can ping the PC on site B from the sonicwall and vice versa with the site B pc. Now I have to figure out how to get site B's pc to reach the web. (pinging 4.2.2.2 for example shows "destination unreachable 192.168.4.254")

The site B's route is 0.0.0.0 0.0.0.0 --> 192.168.1.5 (the sonicwall)
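The return-route problem diagnosed in the replies above, as an added example that is not code from any of the posters: a longest-prefix-match check that lists which inside subnets the firewall would answer via its default route, before and after the static route from the previous post. The /24 mask on the firewall's connected network and the WAN next-hop label are assumptions; the other addresses are the ones quoted in the thread.

```python
import ipaddress

DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def best_route(table, subnet):
    """Longest-prefix match: the most specific route covering the whole subnet."""
    net = ipaddress.ip_network(subnet)
    covering = [(ipaddress.ip_network(prefix), hop) for prefix, hop in table
                if net.subnet_of(ipaddress.ip_network(prefix))]
    return max(covering, key=lambda route: route[0].prefixlen, default=None)

def misrouted_replies(table, inside_subnets):
    """Inside subnets whose return traffic would follow the default route (or no route)."""
    bad = []
    for subnet in inside_subnets:
        route = best_route(table, subnet)
        if route is None or route[0] == DEFAULT:
            bad.append(subnet)
    return bad

# Firewall (192.168.1.5) routing table as the thread implies it was at first.
# Assumptions: the connected network is a /24; the WAN next hop is a placeholder.
FW_BEFORE = [
    ("192.168.1.0/24", "connected"),
    ("0.0.0.0/0", "wan-gateway (placeholder)"),
]
# After the static route the original poster added on the firewall.
FW_AFTER = FW_BEFORE + [("192.168.4.0/24", "192.168.1.254")]

# Subnets the thread treats as inside: site A LAN, site B LAN, and the second
# subnet named in the earlier reply's example route.
INSIDE = ["192.168.1.0/24", "192.168.4.0/24", "10.14.2.0/24"]

if __name__ == "__main__":
    for label, table in (("before", FW_BEFORE), ("after", FW_AFTER)):
        print(label, "-> replies leave via default route for:",
              misrouted_replies(table, INSIDE))
```

Any subnet still listed after the change needs its own inside route on the firewall before hosts there can get replies from it.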

easy for some, hard for me...MPLS and LAN

Do you have NAT statements in your firewall for that subnet at Site B?
