Routing – Rounting between two LANs with two gateways

You are correct, if you have a free interface (eg. X6) on each router connect ISP-LAN at each site to that interface. I don't know if the SonicWALLs support VRRP but it is not needed. DHCP will not cross subnets unless you enable an IP Helper.

The ISP-LAN connection replaces your VPN but you will need to add some routes (which would have been implied or created previously due to the VPN). I'm guessing your ISP will refer to this has a managed VPN, an MPLS or a VLAN network.

However you will need to know what IPs/network your ISP has assigned to each ISP-LAN (where you have "???" in your picture).

First Case: IF your ISP has given you IPs on your subnets at each site (eg. 10.10.1.254 at Site 1 and 192.168.1.254 at Site 2) then you can route via these IPs. Assign (or leave) X6 on the LAN (same as X2/X3/etc). Then go to Network | Routing. You will need to create a route on each site (or you could use RIP, but not needed for 2 sites).

At Site 1 your route will be something like:

Source: Any
Destination: Site2 Subnet (192.168.1.0 / 255.255.255.0)
Service: Any
Gateway: ISP-LAN IP (10.10.1.254)
Interface: LAN/X0  (since it's on the LAN)
Metric: 20 (should be fine)

Create a similar route at Site 2 (but Destination of Site 1's Network using the Gateway of ISP-LAN at Site 2 [192.168.1.254]). I've done this for clients when this is how the ISP has configured things (used IPs on the local LAN to provide access via "the cloud").

Second Case: HOWEVER, if the ISP has used a DIFFERENT subnet for the ISP-LAN connection (such as 172.16.1.x or something) then you will need to configure X6 to be on that subnet, you won't need NAT. I've also done this for clients (where the ISP provides a 3rd subnet to join to 2 sites) -- in this case X6 will be on that 3rd subnet and the routes will be created automatically [just allow access with firewall rules].

So a QUESTION for you: What is the IP/subnet of the ISP-LAN at each site? Is it as you have in your picture (the X6 / ??? IPs) or is it something else?

EDIT: (since I can't add a comment)

I'm glad that helped. You would have DHCP traversing if the ISP configured the link as a Layer 2 link (essentially a VLAN) between the 2 ISP routers -- DHCP wouldn't cross Layer 3 without assistance but will Layer 2 (like on a switch). Now that you have added a different subnet to the link (your 10.0.0.1/30 subnet) you should be fine (the routers won't pass DHCP broadcast traffic beyond the subnet).

You can configure the routes with Probes so that they will deactivate if something fails, if you convert your VPN from an IPsec Policy VPN to a Tunnel Based VPN (which uses routes for the VPN) you can have it fail-over if you wanted. BUT since the ISP's VLAN and the Internet based VPN are running through the same ISP router the chance of only ONE failing is slim. (if you had a different back-up ISP then having a backup VPN would be a good idea)

As for the speed issue, I would check if you have BWM enabled on either router, other than that contact your ISP.

The solution you suggest might work as long as you do not need to do NAT on the Cisco. You can simply configure eg 192.168.1.10 on the interface as follows:

FastEthernet X ip address 192.168.1.10 255.255.255.0 secondary

Then add a default route towards your VDSL router. Do not forget to also add a static route for you internal network to the VDSL router via the Cisco. If that is not possible you need to do NAT...

Another solution would be to define a second VLAN, eg. VLAN 2 on the Cisco and place one of the switchport Interfaces into that VLAN and the route between these two interfaces as above. This would also enable you do do NAT.

But the relay easiest way would be to just reconfigure your VDSL router's LAN IP to be 192.168.10.236 and disable the DHCP server on it, then connect it to your switch, magic done.