BGP between two remote FTD

I have two Firepowers in two remote offices, and I have two ISPs in each office. I had configured a VTI IPsec VPN between the two offices, but they are working with static routes. Can I configure dynamic routing protocols for VPN failover? I tried to configure BGP but the neighbours are idle. What can you advise?

18 Replies

Share the config of the VTI and BGP of the FTD.

MHM

Site A FMC configuration

111.png
112.png
113.png
114.png

Site B FDM configuration

222.png
223.png
224.png

Thanks for sharing.

Now each FW has dual ISP:

- config two VTIs, each one with its own interface

- config two static routes, one for each VTI tunnel destination

- config BGP with two neighbors, one for each VTI

MHM

I have configured two VTIs and static routes; everything works fine except BGP. I can ping each side with the static routes, but I want dynamic route updates by BGP. In my case the BGP neighbours are idle with the configuration I shared with you. What can I do to bring the neighbours up? Do I need to open port 179 from the WAN?

Can I see

show run router <- from the Firepower CLI

MHM

Sure


> show route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, V - VPN
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route
SI - Static InterVRF, BI - BGP InterVRF
Gateway of last resort is x.x.x.x to network 0.0.0.0

S* 0.0.0.0 0.0.0.0 [1/0] via y.y.y.x, Link-to-ISP1
C 10.20.82.0 255.255.255.252 is directly connected, vti_10.20.82.1
L 10.20.82.1 255.255.255.255 is directly connected, vti_10.20.82.1
C 10.20.82.4 255.255.255.252 is directly connected, vti_10.20.82.5
L 10.20.82.5 255.255.255.255 is directly connected, vti_10.20.82.5
C 10.20.82.12 255.255.255.252 is directly connected, vti_10.20.82.13
L 10.20.82.13 255.255.255.255 is directly connected, vti_10.20.82.13
C 10.20.82.16 255.255.255.252 is directly connected, vti_10.20.82.17
L 10.20.82.17 255.255.255.255 is directly connected, vti_10.20.82.17
S 10.57.0.0 255.255.0.0 [1/0] via 10.20.82.2, vti_10.20.82.1
C 10.56.0.0 255.255.254.0 is directly connected, Network_Management
L 10.56.0.1 255.255.255.255 is directly connected, Network_Management
C 10.56.10.0 255.255.254.0 is directly connected, Server_Management
L 10.56.10.1 255.255.255.255 is directly connected, Server_Management
C 10.56.12.0 255.255.255.0 is directly connected, Shared_Server
L 10.56.12.1 255.255.255.255 is directly connected, Shared_Server
C 10.56.14.0 255.255.254.0 is directly connected, WLAN_Management
L 10.56.14.1 255.255.255.255 is directly connected, WLAN_Management
C 10.56.16.0 255.255.254.0 is directly connected, Production_3
L 10.56.16.1 255.255.255.255 is directly connected, Production_3
C 10.56.18.0 255.255.255.128 is directly connected, PRODUCTION_1
L 10.56.18.1 255.255.255.255 is directly connected, PRODUCTION_1
C 10.56.18.128 255.255.255.128 is directly connected, PRODUCTION_2
L 10.56.18.129 255.255.255.255 is directly connected, PRODUCTION_2
C 10.56.19.0 255.255.255.0 is directly connected, PRODUCTION_Server
L 10.56.19.1 255.255.255.255 is directly connected, PRODUCTION_Server
C 10.56.20.0 255.255.254.0 is directly connected, 4_PRODUCTION
L 10.56.20.1 255.255.255.255 is directly connected, 4_PRODUCTION
C 10.56.22.0 255.255.254.0 is directly connected, Wi-Fi_Leaders
L 10.56.22.1 255.255.255.255 is directly connected, Wi-Fi_Leaders
C 10.56.24.0 255.255.248.0 is directly connected, Wi-Fi_Employee
L 10.56.24.1 255.255.255.255 is directly connected, Wi-Fi_Employee
C 10.56.32.0 255.255.248.0 is directly connected, Wi-Fi_Guest
L 10.56.32.1 255.255.255.255 is directly connected, Wi-Fi_Guest
C 10.56.40.0 255.255.248.0 is directly connected, Maintenance_Device
L 10.56.40.1 255.255.255.255 is directly connected, Maintenance_Device
C 10.56.48.0 255.255.248.0 is directly connected, VoIP
L 10.56.48.1 255.255.255.255 is directly connected, VoIP
C 10.56.56.0 255.255.252.0 is directly connected, End_Device
L 10.56.56.1 255.255.255.255 is directly connected, End_Device
C 10.56.64.0 255.255.240.0 is directly connected, End_User
L 10.56.64.1 255.255.255.255 is directly connected, End_User
V 10.56.80.10 255.255.255.255
connected by VPN (advertised), Link-to-ISP1
C 10.56.86.0 255.255.254.0 is directly connected, Camera
L 10.56.86.1 255.255.255.255 is directly connected, Camera
S 10.58.0.0 255.255.0.0 [1/0] via 10.20.82.14, vti_10.20.82.13
C y.y.y.0 255.255.255.0 is directly connected, Link-to-ISP2
L y.y.y.y 255.255.255.255 is directly connected, Link-to-ISP2
V 192.168.70.6 255.255.255.255
connected by VPN (advertised), Link-to-ISP1
C x.x.x.y 255.255.255.240
is directly connected, Link-to-ISP1
L x.x.x.x 255.255.255.255
is directly connected, Link-to-ISP1


The neighbor command you have configured should be the VTI interface IP of the remote side; verify that this is correct on both ends.

Is BGP flapping or just never being established?

Are you using BGP authentication? If yes, have you verified that the passwords match on both sides?

Are you redistributing connected and/or static? If yes, remember to configure route maps to exclude the public IP (VTI source IP) from being learned over BGP, as this will cause problems.

--
Please remember to select a correct answer and rate helpful posts


@Marius Gunnerud wrote:

The neighbor command you have configured should be the VTI interface IP of the remote side; verify that this is correct on both ends.

Is BGP flapping or just never being established?

Are you using BGP authentication? If yes, have you verified that the passwords match on both sides?

Are you redistributing connected and/or static? If yes, remember to configure route maps to exclude the public IP (VTI source IP) from being learned over BGP, as this will cause problems.


I need BGP to fail over the VTI interfaces, to send traffic via the secondary VTI if the main VTI is down. I configured the BGP neighbours with the WAN IP and it is never established; I don't use authentication.

You need to use the VTI interface IP in the neighbor command, not the WAN IP.

--
Please remember to select a correct answer and rate helpful posts

The VTI IPs need to be used in BGP: 10.20.82.14, 10.20.82.13.

The WAN IPs need to be added as static routes for both ISPs, i.e.

WAN IP for VTI1 has its static route

WAN IP of VTI2 has its static route

Please, I need to see

show run router

not show route

Thanks 

MHM


@MHM Cisco World wrote:

The VTI IPs need to be used in BGP: 10.20.82.14, 10.20.82.13.

The WAN IPs need to be added as static routes for both ISPs, i.e.

WAN IP for VTI1 has its static route

WAN IP of VTI2 has its static route

Please, I need to see

show run router

not show route

Thanks 

MHM



> show running-config router
router bgp 4XXXXXXX8
bgp log-neighbor-changes
bgp router-id vrf auto-assign
address-family ipv4 unicast
neighbor a.a.a.a remote-as 4XXXXXXX9
neighbor a.a.a.a transport path-mtu-discovery disable
neighbor a.a.a.a activate
network 10.56.0.0 mask 255.255.0.0
no auto-summary
no synchronization
exit-address-family

The WAN IPs need to be added as static routes for both ISPs, i.e.

WAN IP for VTI1 has its static route

WAN IP of VTI2 has its static route

Can you give an example for this please? I don't understand.

This is the topology; is it not what you need for your requirement?

Screenshot (253).png

Sorry for my stupid question, but I can't understand why we need a static route toward WAN IP1 using interface WAN IP2.

Static route toward WAN IP1 (FTD2) using interface WAN IP1 (FTD1).

This is what I mean.

MHM
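As an added illustration, not from any poster in this thread, of the design MHM and Marius describe: two VTIs, one per ISP; a host static route to each remote WAN IP via the matching local ISP interface; BGP peering on the VTI addresses rather than the WAN addresses; and a route-map that keeps the local public WAN prefixes out of BGP. It is written as the ASA-style CLI that `show running-config` on FTD would resemble (on FTD these objects are built in FMC/FDM, not typed in). Only the 10.20.82.x VTI addresses come from the thread; the AS numbers 65001/65002, the 198.51.100.x gateways and the 203.0.113.x Site B WAN addresses are constructed placeholders.

```cisco
! Site A (FTD1). Constructed example: the 10.20.82.x VTI addresses match the
! thread; AS numbers and 198.51.100.x / 203.0.113.x addresses are placeholders.

! One VTI per ISP, each sourced from its own WAN interface and pointed at the
! Site B WAN address reachable through that ISP.
interface Tunnel1
 nameif vti_10.20.82.1
 ip address 10.20.82.1 255.255.255.252
 tunnel source interface Link-to-ISP1
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_PROFILE
!
interface Tunnel2
 nameif vti_10.20.82.5
 ip address 10.20.82.5 255.255.255.252
 tunnel source interface Link-to-ISP2
 tunnel destination 203.0.113.20
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI_PROFILE

! Host routes to each remote WAN IP via the matching local ISP, so Tunnel2's
! IKE/ESP packets are not pulled through ISP1 by the default route.
route Link-to-ISP1 203.0.113.10 255.255.255.255 198.51.100.1 1
route Link-to-ISP2 203.0.113.20 255.255.255.255 198.51.100.129 1

! Keep the local public WAN prefixes (the VTI sources) out of what is
! redistributed into BGP; the peer must reach them through the Internet,
! never through the tunnel they carry.
prefix-list PL_WAN_PUBLIC seq 5 permit 198.51.100.0/25
prefix-list PL_WAN_PUBLIC seq 10 permit 198.51.100.128/25
route-map RM_NO_WAN deny 10
 match ip address prefix-list PL_WAN_PUBLIC
route-map RM_NO_WAN permit 20

! eBGP to Site B over both VTIs; each neighbor is the remote VTI address,
! not the remote WAN address.
router bgp 65001
 bgp log-neighbor-changes
 address-family ipv4 unicast
  neighbor 10.20.82.2 remote-as 65002
  neighbor 10.20.82.2 activate
  neighbor 10.20.82.6 remote-as 65002
  neighbor 10.20.82.6 activate
  network 10.56.0.0 mask 255.255.0.0
  redistribute connected route-map RM_NO_WAN
 exit-address-family
```

Site B mirrors this with the roles swapped, after which `show bgp summary` should list both neighbors as Established rather than Idle. The two host routes are what let the second session stay up on its own ISP when the first ISP fails, since without them both tunnels' outer packets would follow the single default route.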
