Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
965
Views
0
Helpful
4
Replies

Gre Tunnel to use for internet whereas MPLS link to use DC segments

zeeshan.anwar
Level 1
Level 1

‎11-03-2024 10:56 AM

Hi Team,

 

I have below scenario here:

Branch Core Switch---> Branch Router --->MPLS Cloud ----> Hub Router---> Core-Switch ---> WAN firewall
                                                                                                                                                       

                                                                                            Internet link--->   Internet Switch --->    Proxy Firewall

 

All my DC segments are behiind the WAN firewall.Which i am able to able advertise in Bgp Network.However i want user to have internet access via Proxy firewall.For this i am thinking to create a GRE tunnell from Branch router to Proxy Firewall(Proxy Firewall is connected to Internet Switch).I am struggling to understand what should be the source ip of my gre tunnel is th ip of MPLS cloud provider PE of remote location or it will will be Lan interface of router as the core switch has all data and wireless subnets for internet users.

I am attaching existing setup configs as well

 

 

Labels:
Preview file
8 KB
Preview file
11 KB
Preview file
4 KB
0 Helpful
4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

‎11-03-2024 11:04 AM

Looking at Branch Router config, it was not clear in line with your diagram.

Rather text do you have picture diagram for us to understand the network connected.

Does branch have 2 Links MPLS and Internet ?

Generally Most deployed setup for the http and https traffic route via Proxy

1. Option 1 using manual configuration via browser or WPAD or PAC File.

2. Redirect using WCCP based on the destination via proxy.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

zeeshan.anwar
Level 1
Level 1
In response to balaji.bandi

‎11-03-2024 11:17 AM

Here is the diagram.Branch only have MPLS link no internet

Preview file
55 KB
0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎11-03-2024 11:31 AM

@balaji.bandi asks a good question about whether there are 2 links from the Branch. My understanding from your description is that Branch has a single link to Hub router. Is that correct? 

If you want a GRE tunnel from Branch router to Proxy Firewall then the source would be the outside interface of Branch router and destination would be the outside interface of Proxy Firewall. And similar addressing at Internet switch and Proxy firewall at the remote side. And you will need to be careful with netting and routing between sites so that tunnel traffic is appropriately natted and routed.

This will be a fairly complex thing to configure and I wonder if the complexity is worth it? What are benefits of Branch users getting Internet access via Proxy firewall as compared to Internet access via WAN firewall?

HTH

Rick
0 Helpful

zeeshan.anwar
Level 1
Level 1
In response to Richard Burts

‎11-03-2024 11:36 AM

Thanks for the yes branch has a single MPLS link to Hub.

Asper design of firewall all users are behind a proxy firewall for internet not by WAN firewall

0 Helpful
Customers Also Viewed These Support Documents