 From:  "Adam Armstrong" <adama dash lists at memetic dot org>
 To:  "'Lee Sharp'" <leesharp at hal dash pc dot org>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] SDSL/MPLS cross-site link
 Date:  Tue, 6 Dec 2005 13:17:02 -0000
> From: "JT" <j dot tarot at tecsas dot fr>
> > I've no control on Cisco (1700) routers which are managed by the ISP.
> 
> This could be a problem.  You will need the cooperation of the ISP.
> 
> > ATM, I've made the base setup so, from the m0n0wall interface, I can
> > ping the ciscos. But no chance from the LANs.
> > I've tried to add a rule that allows all traffic from "SDSL nets" on
> > opt1 interfaces to any... still unsuccessful.
> 
> You need static routes to the Cisco routers for the other LAN.  However,
> the Cisco routers also need those static routes.  It sounds like the Cisco
> routers don't know about any of the 192.X.X.X addresses, so the packets
> stop there.  Try a traceroute, and I bet you fail at the Cisco.

Does your ISP allow you to inject routes into their CPE router via a routing
protocol?

The standard way for an ISP to propagate customer routes across an MPLS VPN
is by using OSPF/RIP and then propagating them across its network using
MP-BGP. Unfortunately m0n0wall, afaik, can't do any dynamic routing, but if
the ISP allows it, you might be able to find a cheap router to stick between
the CPE and m0n0wall or use pfSense+zebra or something.

Is this just a simple point to point link? Or are there multiple sites
connected via it?

Adam.