Hi Everyone,
I am racking my brains on this one. I have an XG 210 cluster in head office and an existing MPLS Private WAN- the IP Interface for this router is on the same subnet as the LAN interface of the Firewall. I am shutting down each WAN site and moving them to an XG1xx and public Internet connections that will all terminate on the XG210 Cluster. I have stood up the first site, IPSEC VPN works perfectly, VPN routes in place for DNS Request routing for AD etc, Head office to Branch office VoIP calls work perfectly. However, now branch sites still active on the MPLS WAN side cannot route to the VPN endpoint network that was previously on the WAN, this is a big issue as everyone in the organization Dials and transfers to extension over the WAN and now VPN.
I have had the ISP change the route advertisements so that all the MPLS WAN Sites now know to go via the Firewall as the next hop which in theory should go over the VPN and return.
I have tried adding just one MPLS WAN remote site into the VPN config and still doesn't work. the XG210 has all the routes in it to go to MPLS WAN sites via the WAN router.
Example of Topology
LAN 10.10.5.0/24 <Branch Router> *****MPLS***** <Head Office Router> -----10.0.0.0/24----<Firewall> -----///IPSEC VPN///-------<Branch Firewall> LAN 10.10.3.0/24
Traceroute from LAN 10.10.5.0 stops at LAN Interface of Firewall.
Any suggestions would be greatly appreciated.
This thread was automatically locked due to age.
