Greggor25
New Member
July 1, 2019
Solved

MPLS Routing Fortinet with AT&T


I'm having some routing issues with an MPLS circuit that terminates on an interface to my Fortinet. 

MPLS Fortinet Interface IP:10.200.66.1

AT&T MPLS HSRP Router IP:10.200.67.2

I've added a static route for 198.105.206.0/24 to HSRP 10.200.67.1.  I've created a security policy for my internal/trusted zone to MPLS to allow everything. I can't ping anything on the other end but the LAN. 

I don't maintain the AT&T Cisco router or any of the config. I was told by the vendor to add their public blocks via static route and point to HSRP of the Cisco router. I'm at a loss here.

Here is the traceroute that shows it makes it to the AT&T MPLS router but nowhere else:

Tracing route to ts099.scl.five9.com [198.105.206.150] over a maximum of 30 hops:
  1     1 ms    <1 ms     1 ms  10.200.32.1
  2    <1 ms     2 ms     3 ms  192.168.53.1
  3    <1 ms    <1 ms    <1 ms  bedfordfortigate.daystartv.internal [10.200.106.1]
  4    <1 ms    <1 ms    <1 ms  10.200.67.2
  5     *        *        *     Request timed out.
  6     *     ^C
H:\>

    Best answer by Toshi_Esumi


    Toshi_Esumi
    SuperUser
    July 1, 2019

    I don't have experience with AT&T's MPLS. But if they were to assign a public subnet on the interface, the HSRP interface should have the public subnet (likely /29, or in addition to 10.200 IPs only to communicate between two Cisco routers). You should be able to call in their support and ask what you should configure on your FGT interface with what GW IP.

    Greggor25 (Author)
    New Member
    July 2, 2019

    I wasn't informed of a public subnet.  I was just told to connect the MPLS to my LAN and add the public routes of the other side via public block.  

    Toshi_Esumi
    SuperUser
    July 2, 2019

    If the public subnet is supposed to be configured on the "inside" interface, you must have ordered to get it from AT&T, then AT&T routes that particular subnet from/to the internet to/from your MPLS circuit. If you didn't order it but they say they would provide a public subnet like a /30, that must be for the "wan-side" interface to connect to their MPLS router.

    In either case, call their support. They would tell you exactly what you need to do.