Hi all,
We have three offices in an MPLS network that use a VRF, and Internet connectivity is provided by a firewall located in a datacenter. To reach the Internet, users have to go through the firewall, but I don’t know how to configure the firewall. Do you have some ideas on how to get started with the first setup? Thank you.

Hello Valerio

MPLS is primarily used to connect multiple branch offices so there is connectivity between the remote sites. To access the Internet, you can either have an independent Internet connection at each site, or you can choose to have a single connection to the Internet at one particular office, and have the other sites traverse the MPLS network and exit to the Internet via the same connection.

I assume in your scenario, you have an Internet connection at one of the offices, and the other two offices will gain access to the Internet via that connection. At that location, you have an ASA firewall that serves this Internet connection.

The configuration of the ASA will be independent of your MPLS configuration. In order to achieve routing to direct all Internet-bound traffic to the appropriate device, you can use the global routing table. You can take a look at this Cisco documentation that describes how this is to be achieved using the MPLS configuration of the topology:

In this particular example, you can replace R7 with the ASA. The ASA itself doesn’t have to be aware of the MPLS topology at all, as it doesn’t have to play the role of the PE.

For configuration parameters of the ASA itself, it depends upon what you want to achieve. A good place to start is to take a look at the various ASA lessons that are available on the site at this link:

The Cisco ASA Security Levels lesson is particularly helpful in initially configuring the interfaces appropriately.

If you have any more specific questions as you begin your configurations, let us know!

I hope this has been helpful!
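
As an added illustration of the setup discussed in the reply above (not part of the original thread and not taken from the linked Cisco documentation), here is a minimal ASA starting point for a single Internet exit shared by three sites. It assumes ASA 8.3 or later NAT syntax; the interface names, all addresses (private and documentation ranges), and the object-group name are hypothetical placeholders.

```cisco
! Internet-facing interface: lowest trust level
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.252
 no shutdown
!
! Interface toward the router that connects to the MPLS network: highest trust level
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 10.255.0.1 255.255.255.252
 no shutdown
!
! Default route toward the ISP next hop (assumed address)
route outside 0.0.0.0 0.0.0.0 203.0.113.1
!
! Return routes to the three office LANs via the MPLS-facing router
! (assumed next hop 10.255.0.2; the ASA does not take part in MPLS itself)
route inside 10.1.0.0 255.255.0.0 10.255.0.2
route inside 10.2.0.0 255.255.0.0 10.255.0.2
route inside 10.3.0.0 255.255.0.0 10.255.0.2
!
! Only the known office subnets are translated; anything else arriving
! on the inside interface gets no translation toward the Internet
object-group network BRANCH-LANS
 network-object 10.1.0.0 255.255.0.0
 network-object 10.2.0.0 255.255.0.0
 network-object 10.3.0.0 255.255.0.0
!
! Dynamic PAT: hide the office subnets behind the outside interface address
nat (inside,outside) source dynamic BRANCH-LANS interface
!
! No access-list is applied on the outside interface, so connections
! initiated from outside (level 0) toward inside (level 100) are denied
! by default, while inside-to-outside connections are permitted.
```

On the MPLS side, the offices still need a default route that leads to the ASA's inside address, which is the part the Cisco documentation referenced in the reply covers.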