Solved: Routing Internet Traffic over MPLS for remote Site..... - Page 2

mando_usa · ‎06-21-2016

We have four sites connected through MPLS. Each sites has own internet.They can go out side with their own internet.Problem is most of the time we have an issue with local site internet.So our plan to re-route internet traffic through MPLS which site goes down.But I can't do it.Is there anyone who can help me.

Francesco Molino · ‎06-23-2016

Yeah it seems ok now.

Thanks

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

mando_usa · ‎06-23-2016

Have one more concern,

Now we are pushing our internet traffic through MPLS. What we could do suppose to be our MPLS link is down meaning if MPLS link goes down and we want to passes traffic through internet.

You know we are using different connection for internet and MPLS for both end.

Thanks..

Francesco Molino · ‎06-23-2016

This kind of situation is a bit more complex because you need to route internal traffic.

You have many ways to achieve that. I'll give just some of them:

- simple GRE tunnel with ipsec encryption

- site to site vpn

- DMVPN

Since few years now, when I need to build up a parallel architecture for MPLS redundancy, I'm using DMVPN and playing with dynamic routing to prefer one instead of the other.

I've also done (for a very specific case), build all GRE tunnel and by using track and script mount up this tunnel only when MPLS link was down.

You see you can handle it in many ways.

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

mando_usa · ‎06-22-2016

I am trying to make a configuration file what I need to change.However I am sharing full configuration of two site Alabama and Georgia Site as I share the diagram with you.Actually I am little bit scared to change anything before getting any confirmation from you.I need to write down what i need to change.If something wrong I will be murder.

That is the reason I am sharing configuration with you.

Thanks,

Francesco Molino · ‎06-22-2016

Ok. Please next time post your answer at the bottom otherwise it will be hard to see which one is new :-)

First don't change anything on your firewall for HO and branches.
For HO, default route remains the same as it will be the default internet for branches which have local failed internet. Am I understood correctly?
For a branch, like MGA_MDF_3750X_SW_01-02, the configuration would be:

ip sla 1
  icmp-echo x.x.x.x source-interface vlan 10
  timeout 1000

threshold 2
  frequency 3
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability

ip route 0.0.0.0 0.0.0.0 172.28.23.254 1 track 1

ip route 0.0.0.0 0.0.0.0 172.28.15.254 10 ==> As per your diagram this is your ASA in HO to access internet, right

That's it on your site. As I've seen all your design, you don't need to ask anything to your MPLS Service provider. Next hop will be directly your ASA in HO.

Is It more clear?

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question