Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 10 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 1264 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Assistant with setting up MPLS

notapplemaxwindows1

Hi All, 

I am having trouble getting my MPLS to working between 2 Sophos firewalls. 

Here is my topology:

I have tried putting routes in place etc.. but cannot get it to work and just getting confused now. Is anyone able to confirm what I need to do to get traffic flowing over the MPLS Circuit?

I have the relevant firewall rules in place for site A subnet to site B subnet, but I would love it if someone could help?

Thanks all!



This thread was automatically locked due to age.
Parents
  • 0

    Hello there,

    Thank you for contacting the Sophos Community!

    I would recommend you terminate the MPLS in the XG. 

    If you do drop-packet capture do see traffic being dropped by the XG?

    console> drop-packet-capture host x.x.x.x (x.x.x.x IP of one of the hosts)

    Is the MPLS port in the XG configured as LAN or WAN?

    Regards,

  • 0 in reply to emmosophos

    Hi Emma, 

    The Circuit is provided by the ISP and we get a port on their CPE router for the MPLS, which I have connected to the Sophos and configured the port on the LAN zone. I can communicate from a device on SITEA LAN to the Sophos MPLS port at SITEB but putting in the following route and enabled MASQ on the LAN to LAN NAT rule.

    Destination: 172.16.10.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    But if I create the following route:

    Destination: 10.0.1.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    I cannot see the traffic being pushed out of the MPLS port via packet capture. 

    I'll try what you mentioned either this evening or tomorrow evening. 

    Thank you

Reply
  • 0 in reply to emmosophos

    Hi Emma, 

    The Circuit is provided by the ISP and we get a port on their CPE router for the MPLS, which I have connected to the Sophos and configured the port on the LAN zone. I can communicate from a device on SITEA LAN to the Sophos MPLS port at SITEB but putting in the following route and enabled MASQ on the LAN to LAN NAT rule.

    Destination: 172.16.10.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    But if I create the following route:

    Destination: 10.0.1.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    I cannot see the traffic being pushed out of the MPLS port via packet capture. 

    I'll try what you mentioned either this evening or tomorrow evening. 

    Thank you

Children
No Data