3G over MPLS

happyatuni · ‎03-28-2013

Dear all,

I currently have a 150 nodes MPLS network. My management is anxious to join some sites with 3G routers as their centres move around a lot.

My current MPLS site as 4 x Ps with lots of PEs linking to the 150 x CEs. Is there a way to easily link up my 3G routers to my MPLS network? I have heard DMVPN or MPLS over mGRE may be a solution. My 3G routers are mostly 19xx and 29xx routers.

Would be great if anyone can shed some light on this.

Cheers

paolo bevilacqua · ‎03-28-2013

You can use DMVPN, then redistribute routes between the two domains.

Any reputable network enginder should be albel to finalize and implement the design for you.

blau grana · ‎03-28-2013

Hello Hunt,

You can configure IPsec tunnel over 3G connection, and this IPsec tunnel will be terminated in VRF, so all 4 sites will have access to entire VPN.

Is this suitable solution for you?

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

Tagir Temirgaliyev · ‎03-29-2013

we have direct connection to mobile provider and so called 3G corporate access.

so 3G routers can connect to our corporate lan via vpdn group

happyatuni · ‎03-29-2013

Thanks all.

Any examples i can see so i can understand more on how to design these?

Wish all of you have a happy Easter!

Cheers,

Hunt

blau grana · ‎03-29-2013

Hello Hunt and happy Easter to you too,

On 3G site you will configure basic GRE tunnel ->

interface tunnel 0

ip address xyz

tunnel source [WAN interface/IP]

tunnel destination [IP address of some main site where tunnels will be terminated]

Configureation of GRE tunnel on main site.

interface tunnel 0

ip address xyz

tunnel source [WAN interface/IP] -> this will be IP from global routing table, most likely IP of interface toward internet

tunnel destination [public IP of remote 3G site]

- this configuration can be used if remote 3G sites will have static public IP, for routing you can use some IGP, BGP or static routing, it depends on you.

- you can also use IPsec to protect traffic transported over GRE tunnels

With some changes, this scenario can be used if 3g sites have dynamic public addresses or are behind NAT.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

happyatuni · ‎03-29-2013

Hi blau,

Thanks so much for your example. That actually is the bit that I'm interested in.

Since my work's 3G router gets a different Public IP every time, how can i still get this to work?

Cheers,

Hunt

blau grana · ‎03-30-2013

Hello Hunt,

Here is explanation how to configure IPsec tunnel with one end having dynamic public IP.

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/936-cisco-router-vpn-dynamic-endpoint.html

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080093f86.shtml

To suit your scenario, you have to make your IPsec tunnels VRF aware, it is explained here:

https://supportforums.cisco.com/docs/DOC-13524

http://blog.ipexpert.com/2010/09/20/vrf-aware-ipsec-using-crypto-maps/

If you have any further questions or problems with configuration, please attach relevant parts of configuration or outputs.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions