
Assistance with setting up MPLS

Hi All, 

I am having trouble getting my MPLS working between 2 Sophos firewalls.

Here is my topology:

I have tried putting routes in place etc., but cannot get it to work and am just getting confused now. Is anyone able to confirm what I need to do to get traffic flowing over the MPLS circuit?

I have the relevant firewall rules in place for site A subnet to site B subnet, but I would love it if someone could help?

Thanks all!



  • Hello there,

    Thank you for contacting the Sophos Community!

    I would recommend you terminate the MPLS in the XG. 

    If you do a drop-packet capture, do you see traffic being dropped by the XG?

    console> drop-packet-capture host x.x.x.x (x.x.x.x IP of one of the hosts)

    Is the MPLS port in the XG configured as LAN or WAN?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emma, 

    The circuit is provided by the ISP and we get a port on their CPE router for the MPLS, which I have connected to the Sophos and configured the port on the LAN zone. I can communicate from a device on SITEA LAN to the Sophos MPLS port at SITEB by putting in the following route and enabling MASQ on the LAN to LAN NAT rule.

    Destination: 172.16.10.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    But if I create the following route:

    Destination: 10.0.1.0/24

    gateway: 172.16.11.1

    interface: 172.16.11.2

    I cannot see the traffic being pushed out of the MPLS port via packet capture. 

    I'll try what you mentioned either this evening or tomorrow evening. 

    Thank you
