This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Static route help

I need help setting up the static routes needed for 2 networks at 2 different locations to communicate with each other over an MPLS network.

Location 1 Sophos Interfaces

192.168.221.1/24

10.1.1.2/30

Location 1 MPLS Router Interface

10.1.1.1/30

Location 2 Sophos Interfaces

192.168.223.1/24

10.1.3.2/30

Location 2 MPLS Router Interface

10.1.3.1/30

I need the 192.168.221.0/24 Location 1 network to be able to communicate with the 192.168.223.0/24 Location 2 network and visa versa. Here is what is in between:

(192.168.221.0/24 Loc 1 network) ->
(192.168.221.1/24 Loc 1 Sophos network interface) ->
(10.1.1.2/30 Loc 1 Sophos MPLS interface) ->
(10.1.1.1/30 Loc 1 MPLS router interface) ->
(10.1.3.1/30 Loc 2 MPLS router interface) ->
(10.1.3.2/30 Loc 2 Sophos MPLS interface) ->
(192.168.223.1/24 Loc 2 Sophos network interface) ->
(192.168.223.0/24 Loc 2 network)

I already have the 2 networks (192.168.221.0/24 and 192.168.223.0/24) nated to our uplink interfaces for internet access. The MPLS interfaces are not set-up as uplink interfaces and do not have gateways configured and should only allow traffic between the 2 networks. The MPLS provider has added our networks to it's configuration and I can successfully ping between the 2 Sophos UTMs over the MPLS, 10.1.1.2 to 10.1.3.2.

My problem is that I don't understand how static routes work. I understand that I am telling the router how to route specific traffic but I don't know how to configure the routes.

Any help will be greatly appreciated.

Thanks,

Warren

This thread was automatically locked due to age.

0 BAlfson over 11 years ago
Hi, Warren,

The UTM in each location knows how to route between its Internal and local MPLS networks. The MPLS network knows how to route between its own devices and the Internal networks at Loc1 and Loc 2. The only thing necessary is to tell the UTM in each location to send traffic for the other location to the local MPLS device.
In Loc 1, add a Static Gateway route to Sophos: 192.168.223.0/24 -> 10.1.1.1
In Loc 2, add a Static Gateway route to Sophos: 192.168.221.0/24 -> 10.1.3.1

Cheers - Bob
PS Please always remember to state the exact version of UTM when posting an issue - 9.106-17?
PPS Outside of QoS in the public network between the two locations, there's nothing that you can do with MPLS that you can't do with a (free) RED tunnel between two UTMs. Since you aren't even trying to have the same subnet in each location, an IPsec site-to-site tunnel might do what you need.
Cancel
Vote Up 0 Vote Down

Cancel
0 warish over 11 years ago in reply to BAlfson

Will the 192.168.223.0/24 traffic that originates in the 192.168.221.0/24 network know how to get to 10.1.1.1, meaning will it go through the 10.1.1.2 interface and not try to go through the 192.168.221.0/24 network gateway of 192.168.221.1 or does it just hop straight to 10.1.1.1 because of the static route ?

Will a tracert from 192.168.221.0 to 192.168.223.0 look like this:

Some ip in 192.168.221.0
10.1.1.1
...
Some ip in 192.168.223.0

or something like this:

Some ip in 192.168.221.0
10.1.1.2
10.1.1.1
...
Some ip in 192.168.223.0

Warren
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

WebAdmin automatically builds routes between the interface "(Network)" objects created when you define a new Interface. If you don't get connectivity with what I described in Post #2, then the MPLS provider will need to know about your .221. and .223. networks.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel
0 warish over 11 years ago in reply to BAlfson

The static routes you suggested work. But firewall rules do not seem to apply to them. How do you restrict services through these routes. I see there is something called "Policy Routes". I played around with these, but could not get them to work.

Thanks,

Warren
Cancel
Vote Up 0 Vote Down

Cancel