cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
3
Replies

OSPF over SP's managed VPN

shitching
Level 1
Level 1

I'm trying to configure two routers using OSPF, the routers are seperated by a SP's VPN, which is unable to participate in routing with our networks because it is fully managed by our SP.

We don't currently use a routing protocol, so if you think this can be achieved better with a different protocol please give me your ideas. The solution needs to use few hello packets and a long dead timer (maybe 1 and 10 minutes), be able to redistribute static routes, and allow me to configure a backup ISDN connection.

The routers are both 3640s, they can communicate using IP over our SP's VPN. Our SP has assured me that they do not block any traffic between our sites, including routing protocols.

I've tried configuring both routers with OSPF, with and without a virtual link. I'm not seeing any OSPF packets going between the two and they fail to attempt to form an adjacency.

Both routers have a static route to the other, with the local VPN router as the next hop.

Here's a stippet of their configurations (IOS 12.2(7)):

Router1:

--------

interface Ethernet0/0

ip address 192.168.1.14 255.255.255.0 secondary

ip address 10.0.1.1 255.255.0.0

full-duplex

service-policy output voip

router ospf 1

router-id 10.0.1.1

log-adjacency-changes

area 1 virtual-link 192.168.50.5 authentication-key <password>

redistribute static subnets

network 10.0.1.1 0.0.0.0 area 1

Router2:

--------

interface Ethernet0

ip address 192.168.50.5 255.255.255.0

no ip directed-broadcast

ip nat outside

ip ospf authentication-key <password>

router ospf 1

redistribute static subnets

network 192.168.50.5 0.0.0.0 area 1

area 0 authentication

area 1 virtual-link 10.0.1.1 authentication-key <password>

When I do show ip ospf virtual-links on Router1 I get:

-----

Virtual Link OSPF_VL0 to router 192.168.50.5 is down

Run as demand circuit

DoNotAge LSA allowed.

Transit area 1, Cost of using 65535

Transmit Delay is 1 sec, State DOWN,

Timer intervals configured, Hello 5, Dead 40, Wait 40, Retransmit 5

TIA for your help.

3 Replies 3

thisisshanky
Level 11
Level 11

Hi,

You havent enabled OSPF On the interfaces connecting to your ISP...You have just enabled them on the ethernet interfaces. Is the 3640 connecting to the ISP via serial interface. If yes you need to enable OSPF on that interface too. For that you will need to configure one more network statement matching the serial interface network address.

Also if you plan to put the service provider cloud in area 0, then you dont need virtual link between the sites. If you plan to put one LAN at either one of the 3640 into area 0, then you will need a virtual link if you plan to use multiple areas at each site.

I guess your SP is using a MPLS VPN.

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

Thanks for your reply, and sorry if I didn't make my issue clear.

The VPN is a fully managed service. The SP provides and manages the routers, which connect to our LANs. The routers that I'm trying to configure are on the same LAN as the VPN routers.

Therefore, any routing communication has to be done via Ethernet, through the SP's VPN. There can't be any routing communication between our routers and the SP's routers.

Any ideas?

Hello,

if the config you posted is the full config, your virtual link is not going to work because you only have one area. Try to reduce your config to the following:

Router1:

--------

interface Ethernet0/0

ip address 192.168.1.14 255.255.255.0 secondary

ip address 10.0.1.1 255.255.0.0

full-duplex

service-policy output voip

router ospf 1

router-id 10.0.1.1

log-adjacency-changes

redistribute static subnets

network 10.0.1.1 0.0.0.0 area 1

Router2:

--------

interface Ethernet0

ip address 192.168.50.5 255.255.255.0

no ip directed-broadcast

ip nat outside

router ospf 1

redistribute static subnets

network 192.168.50.5 0.0.0.0 area 1

If this doesn´t work, can you post the full config ?

Regards,

Georg

Review Cisco Networking for a $25 gift card