Is anybody using this?
We've been given details of our connection, e.g. IP, loopback, VPN identifier etc., but we're not aware of how to set this up on our router.
Setup instructions are very sparse to say the least.
Hi Louis-m,
Welcome to the forum. Which router are you using?
Hi,
The router is a DrayTek. It's the actual setup for BT Clear IP ADSL that I'm not sure about.
It's a little bit confusing as it's all new to me. Basically we have been provided by BT:
PE ROUTER IP: 1.2.3.4 (which I understand is the provider edge router and the entry into the MPLS network)
STATIC LOOP BACK IP ADDRESS: 10.1.1.1 (obviously specified by somebody to BT as it was our LAN router address)
ADDRESS PREFIX: 10.1.1.1.
NETMASK: 255.255.255.255
Currently, our public WAN IP for this site is say 2.2.2.2 and our LAN IP range is (as above) 10.1.1.1/24
What I'm trying to find out is:
1. Do I now have to change the WAN address on our CE Router to:
WAN IP: 10.1.1.1 (and discard the public 2.2.2.2)?
MASK: 255.255.255.255
GATEWAY: 1.2.3.4 (ISP's PE ROUTER)
2. If so, what happens to our internal addresses (10.1.1.1/24)? Do I have to change them totally, e.g. WAN IP = 10.1.1.1, LAN IP = 192.168.1.1/24, or do I just turn off NAT? Can a static route help here?
3. The IPSEC VPNs that we run, do we need these any more?
4. Let's say we want to break out of our router (guest access) at the CE Router, how do we do this?
It appears to me as if what once was a private network being tunneled over the public internet via IPSEC is now about to become a totally private network without the need for IPSEC, and there isn't a need for a public IP address?
Probably some silly questions here but it's been dumped upon me all of a sudden.
I am a bit out of my depth here. Just for my own understanding: you have a PN at 10.x.x.x at the moment working? Why would you want to transfer your infrastructure to 192.168.x.x?
What is your final target? The LAN as usual and a public server structure accessible externally? Or an isolated LAN which communicates as usual per VPN? Or a bit of both?
Seems you should define targets first and adjust the IT and not the other way round.
My advice would be to get someone professional to analyse your needs. I might be wrong, but from your description I would believe that there is a bit of a bigger infrastructure existing. Getting all that changed can turn out to be a lifetime project if it is not planned properly.
Basically, we had a site (let's call it site B) that had a WAN address of say 82.82.82.82. Behind that we had a LAN subnet of 10.1.1.1/24 with the private router IP of 10.1.1.1. The 10.1.1.1/24 communicated with SITE A (Corporate Headquarters) with an IPSEC tunnel. So nothing unusual about this setup as it's a bog standard office to office setup.
Now it seems that Corporate Headquarters (SITE A) has now connected to the BT MPLS network and we are trying to connect our branch offices.
BT have supplied us details of their PE Router IP, e.g. 4.4.4.4, which is where we enter the MPLS network. Now obviously, the MPLS has to have routing tables that are aware of our CE Router and in this case (somebody, not me) has specified the CE Router address as 10.1.1.1 (which it currently is).
BT have then come back and specified a loopback address as 10.1.1.1/32 which is how the PE Router will route to the CE Router.
What I'm asking is:
1. Does that now mean that the WAN side of the CE Router has to be changed to 10.1.1.1/32 from 82.82.82.82? That is the only way I can see it working.
2. If so, that means that the WAN side IP of the CE Router has an address that is currently in the subnet of the LAN side, i.e. WAN = 10.1.1.1/32 and the current LAN = 10.1.1.1/24, which I've never done (or heard of) before.
If the WAN side does indeed need to change to 10.1.1.1/32, it strikes me that there is no need for the IPSEC VPNs anymore, e.g. 10.1.1.1/32 (SITE B) will communicate with 10.2.2.1/32 (SITE A) directly via the MPLS network.
And if the above is correct, how does traffic that is bound for the internet (not the MPLS network) get to the internet? Does this happen at the entry PE Router?
I will ask for help on this one but at the moment, I'm trying to get my head around it. It's (MPLS) all new to me as I'm an old fashioned IPSEC kind of guy.