Question : Replace VPN with MPLS link

I have 3 sites connected via VPN using RV042s at each site and 3 public IPs.  Of course, each site has a different private subnet for this to work (and for other reasons).
So, assume
192.168.1.0
192.168.2.0
192.168.3.0
all 255.255.255.0

The VPN boxes are separate from our internet gateways.  So, the gateways route traffic destined for a remote subnet to the local address of the local VPN box.

We are going to install private links on fiber between sites - provided by our ISP.
So, we won't need the VPNs when this is available.

What I'm trying to figure out is how to implement the routing from site to site with the new arrangement.  

One thought is to continue to use the RV042s as routers with a new "interim private subnet" on the WAN side.    
Let's assume 192.168.200.0
So, the 3 RV042s there would be
LAN 192.168.1.xxx   WAN 192.168.200.1
LAN 192.168.2.xxx   WAN 192.168.200.2
LAN 192.168.3.xxx   WAN 192.168.200.3
and, no VPN - just straight through NAT.
And, I'd leave the route to the RV042s in each gateway.

Does that make sense?

We also have a LAN switch SWR208 where we could establish a new VLAN for this purpose.  But, I'm not sure how to set it up.  That is, if I plug the link cable into this switch on a new VLAN port, how would I route from VLAN1 to VLAN2 in the switch?
Where VLAN1 is 192.168.1.0 and VLAN2 is 192.168.200.1 .... ??

I might also set up a new interface in the gateway router to plug the link cable into.
Then route from the current LAN to the remote LANs somehow.
But, I'm not sure how to do this either.
This one is a Juniper Networks SSG-5.

I'd really like to keep the interface boxes separate from the gateway box as it is now with the VPNs.  This makes working on the system a bit easier and less prone to downtime when changes are being made.

Answer : Replace VPN with MPLS link

I believe it is wise to keep three separate subnets. That will avoid sending broadcast traffic between sites. Also, it will mean each site has its own DHCP, which they need since they will have different default gateways for the LAN, etc.

NAT is, most likely, disabled for traffic through VPN tunnels - like today.

About the routing from the RV042: Today you probably have it set up with a public IP on the WAN side, and with a WAN side "default route" to the IP of your cable modem, or whatever your internet access is. With the new set-up, with the WAN side of the RV042 connected to the fiber (through some media converter or CPE), the WAN IP will be something like 192.168.x.1 and 2 and 3 (subnet mask 255.255.255.0), as you said above. That means that the 3 RV042 will share the same subnet on the WAN side, which means you will not need a "default route"/"default gateway" on the WAN side for them to be able to "see each other" and bring up the VPN tunnels.

Once the tunnel is up, routing through it is usually 'automatic' - as today.

Assume you manage to disable NAT and tunnels on the RV042, which would mean it will work as a simple router. Assume now that a PC on LAN1 has a packet to send to LAN2. The PC sends it to its default gateway (unless you configure routes in each PC). The default gateway is the SSG-5, which has a route for LAN2 network 192.168.2.0 /24 pointing to the RV042. The RV042 receives the packet.

Now, if there is no VPN tunnel up, the RV042 in LAN1 will have no idea of where 192.168.2.0 /24 is located. It would need to have a static route sending network 192.168.2.0 /24 to next hop 192.168.X.2 .

This basically means that if you do not have tunnels, you will need static routes between sites.
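The static routes described in the answer, worked through as an added example that is not part of the original answer: it builds each RV042's table for the three LANs and the 192.168.200.0 transit subnet assumed in the question, then traces a LAN1-to-LAN2 packet with and without the static routes. The node names and helper functions are hypothetical, and the RV042s are assumed to have no default route on the WAN side.

```python
import ipaddress

# LANs and the transit subnet are the values assumed in the question.
SITES = {1: "192.168.1.0/24", 2: "192.168.2.0/24", 3: "192.168.3.0/24"}
TRANSIT_NET = ipaddress.ip_network("192.168.200.0/24")

def wan_ip(site):
    """WAN address of the RV042 at `site` on the fiber link (192.168.200.<site>)."""
    return str(TRANSIT_NET.network_address + site)

def rv042_routes(site, with_static=True):
    """Routing table of one RV042: connected networks plus static routes."""
    table = [(ipaddress.ip_network(SITES[site]), "connected-LAN"),
             (TRANSIT_NET, "connected-WAN")]
    if with_static:
        for other, net in SITES.items():
            if other != site:   # one static route per remote LAN
                table.append((ipaddress.ip_network(net), wan_ip(other)))
    return table

def lookup(table, dst):
    """Longest-prefix match; None means the router has no route for dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(src_site, dst, with_static=True):
    """Path of a packet from a PC at src_site to dst (hypothetical node names)."""
    path = [f"gateway-{src_site}", f"rv042-{src_site}"]
    hop = lookup(rv042_routes(src_site, with_static), dst)
    if hop is None:
        return path + ["dropped: no route"]
    if hop.startswith("connected"):
        return path + ["delivered"]
    remote = int(hop.rsplit(".", 1)[1])
    path.append(f"rv042-{remote}")
    last = lookup(rv042_routes(remote, with_static), dst)
    return path + ["delivered" if last == "connected-LAN" else "dropped: no route"]

if __name__ == "__main__":
    for site in SITES:
        for net, hop in rv042_routes(site):
            print(f"rv042-{site}: {net} -> {hop}")
    print(trace(1, "192.168.2.50"))
    print(trace(1, "192.168.2.50", with_static=False))
```

Replies need the mirror-image route on the remote RV042, which is why every site gets a static route for each of the other two LANs.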
