Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 26 subscribers
  • Views 1509 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

MPLS Configurations, VLANs Sophos xg

Jonathan Nali

Please bear with me on the explanation.

We recently implemented MPLS on our network and were given the VLAN1 for the internet and VLAN2 for data. I set this up under Network-> Port 2 then VLAN1 - WAN, VLAN2 - LAN. Here is the issue. If setup as above, then we cannot reach the branch office(ping), if I change VLAN 2 to WAN, we can reach the branch office but some, not all, of the users, will not have access to the internet. How can this be sorted?

Secondly, our vlan IP addresses are like this:

HQ router:.10.1.1
HQ VLAN IP:168.8.2
GW VLAN IP:168.8.1


SIte1:
Router: 168.8.6
VLAN IP: 168.8.6
VLAN GW: 168.8.5

I cannot reach HQ router from site1 but I can reach as far as 168.8.2.

Please help.


This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Could you please share a screenshot of the configured policy route for the MPLS and network diagram? 

    What is the firmware version on your firewall?

    Thanks,

  • 0 in reply to FormerMember

    I will probably send these ones by one. so, Vlan550 is for internet. there I have our public ip.
    Vlan551 is for data. There I have put the VLAN IP address given to us by our ISP.
    Basically, everything has been done on their side and all I have to do is put a router on the Branch sit, Sie1, and assign that port an IP address given to me by the ISP. Which I did.

Reply
  • 0 in reply to FormerMember

    I will probably send these ones by one. so, Vlan550 is for internet. there I have our public ip.
    Vlan551 is for data. There I have put the VLAN IP address given to us by our ISP.
    Basically, everything has been done on their side and all I have to do is put a router on the Branch sit, Sie1, and assign that port an IP address given to me by the ISP. Which I did.

Children