How to do virtual routing for a third ISP (new MPLS)?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to do virtual routing for a third ISP (new MPLS)?

Not applicable

We have setup in our PA-500 two ISP interfaces:  Primary (eth1/1) is our primary Internet connection, and the Secondary (eth1/2) is our Backup ISP (configured for failover, and this one also is an MPLS connection to another site). Eth1/3 is our private LAN.

There are two virtual routers setup for this scenario (also including GlobalProtect configurations):

vr1.JPG

Routes:

PrimaryVR

default - destination: 0.0.0.0 - type: ip-address - value: <primary ISP>

gp - destination: <GP private addressing> - interface: tunnel-1

LAN - destination: <private LAN> - type: next-vr - value: SecondaryVR

SecondaryVR

default - destination 0.0.0.0 - type: ip-address - value <secondary ISP>

gp - destination: <GP private addressing> - type: next-vr - value: PrimaryVR

Now, we have a new circuit brought in that will MPLS to the company that acquired ours.  I've set up eth1/4 for the interface to the new MPLS, and I've set up addresses/groups for all the locations in the new MPLS, Security Zone, NAT, Policy Based Forwarding (traffic destined for the new MPLS to use eth1/4).  Where I have questions is how to configure the static routing in the virtual routers for the new MPLS connections.  Do I have to setup a third virtual router with the default going to the MPLS gateway?  If so, what routes under that do I add to connect it to the other two virtual routers?  Or, do I just add the eth1/4 interface to say PrimaryVR and the Policy Based Forwarding rule will route to the appropriate interface instead of the default value (but then do I add static routes for all the other MPLS site locations in the router too)?

Looking for some advice.

1 accepted solution

Accepted Solutions

then just add the eth1/4 interface to say PrimaryVR and add static routes for all the other MPLS site locations in the PrimaryVR that all

View solution in original post

6 REPLIES 6

L3 Networker

Hi,

Depends on what destination ips are routed through the MPLS. If you are routing traffic to LAN on the other side of MPLS then a static route on one of the VR (lets say primary VR) and on Secondary VR you can configure a route that says next hop to LAN is primary vr. Is this what you are trying to configure ?

With the new MPLS, access from those multiple sites to my internal LAN and vice versa is needed.  I'll test with static routes in the PrimaryVR for all the outside MPLS sites.

L4 Transporter

Hello

did you check that

https://live.paloaltonetworks.com/docs/DOC-4500

only one VR is needed

I think for a backup link you need to create a PBF rule which direct the traffic to primary next hop with monitor and define the default route to the backup next hop in the virtual router  like explain in this doc

and for the New MPLS create a static route in the VR.

The backup ISP and PBF rule scenario was already created, in place and working for a few months now.  I'm only concerned with the new MPLS connections at this time.  Thanks though.

then just add the eth1/4 interface to say PrimaryVR and add static routes for all the other MPLS site locations in the PrimaryVR that all

I did that this morning, and it worked fine.  Thanks!

  • 1 accepted solution
  • 4949 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!