Hall of Fame Guru

Re: Announce OSPF inside IPSec

Thank you for posting the diagram and the router configurations. I suspect that we may have multiple issues to deal with. I will start with 2 and after they are resolved we will see what else we need to address.

 

First I have an architectural concern. When you described 4 sites running OSPF I expected to see 4 non backbone areas (one area per site) with an area 0 backbone in the middle. What we have here appears to be area 0 backbone at one site and 3 non backbone areas. You could make this work, but it will be a bit more complex. I wonder if there was a particular reason to set it up this way?

 

Second I looked at one of the site routers. I see the configuration of a VTI tunnel and I see OSPF for the tunnel. But when I look at the ISP router configuration I do not see any tunnel configured and I do not see any OSPF configured. I see 2 interfaces with RIP running on both interfaces. Why are you running RIP on the interface connecting to the site? Why is there no tunnel? And why is there no OSPF on the ISP router?

 

HTH

 

Rick

Beginner

Re: Announce OSPF inside IPSec

Hello, how are you? Responding to the first question: since the project asks us to work with hub-and-spoke, I thought that the hub would be the backbone area and the spokes would be areas 10, 20 and 30. So, do I have to make the ISP Area 0 and assign each site an area?

 

Second response: yeah, I've talked with some colleagues and they said the same thing, that the border routers of each site don't have to announce RIPv2; RIPv2 will only run inside the ISP. And the interfaces of each border router would be OSPF. I had thought that I would announce the OSPF routes inside the IPSec tunnel that is reachable through RIPv2.

 

So, if I get it, I need to configure:

  1. The border router of each site would be an area, and the backbone area would be the ISP (each interface toward a site would be an OSPF interface).

  2. The tunnel is created to provide connectivity from the OSPF interface of the ISP to the OSPF interface of another site (not the one it is connected to).

 

But I am in doubt: what is the purpose of the tunnel then? How would I fix that?

 

Thanks!

Hall of Fame Guru

Re: Announce OSPF inside IPSec

OK. It is helpful to know that the project asked for hub and spoke. That is quite possible. You should configure the VTI tunnels so that they go from the spoke router to the hub router (rather than to the ISP router). If you configure it this way then OSPF runs through the tunnel and the ISP routers are not involved in OSPF at all. RIPv2 would run on ISP routers, on the interfaces connecting the ISP routers to your routers, and on your routers' interfaces connecting to the ISP (but not on your LAN or on the VTI tunnel). And RIPv2 would advertise only the subnets of interfaces connecting to ISP routers. This will mean that each of your spoke routers would have routes to the hub interface and the tunnel could work.

 

HTH

 

Rick
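
Added example, not part of the original replies: a Cisco IOS configuration sketch of the layout described in the reply above, with the VTI running spoke to hub, OSPF only on the tunnel and LAN, and RIPv2 only on the ISP-facing link. All addresses, interface names, the profile and transform-set names, the key placeholder, and the choice to place the tunnel link in the spoke's area 10 are assumptions made for illustration.

```cisco
! Spoke router, site area 10 (all addresses, names and the key are constructed)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
crypto ipsec transform-set TS-ESP esp-aes 256 esp-sha256-hmac
 mode tunnel
crypto ipsec profile VTI-PROF
 set transform-set TS-ESP
!
interface GigabitEthernet0/0
 description To ISP router: RIPv2 only, no OSPF
 ip address 198.51.100.2 255.255.255.252
interface GigabitEthernet0/1
 description Site LAN
 ip address 10.10.1.1 255.255.255.0
interface Tunnel0
 description VTI to hub, OSPF runs here
 ip address 172.16.10.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.1
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
!
router rip
 version 2
 no auto-summary
 network 198.51.100.0
router ospf 1
 network 172.16.10.0 0.0.0.3 area 10
 network 10.10.1.0 0.0.0.255 area 10
!
! Hub router: same crypto policy/profile, a key for 198.51.100.2, one Tunnel per spoke
interface Tunnel10
 ip address 172.16.10.1 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VTI-PROF
router rip
 version 2
 no auto-summary
 network 192.0.2.0
router ospf 1
 network 10.0.0.0 0.0.0.255 area 0
 network 172.16.10.0 0.0.0.3 area 10
```

With this in place, `show ip ospf neighbor` on the spoke should list the hub across Tunnel0, and `show crypto ipsec sa` should show encapsulation counters rising as OSPF hellos cross the tunnel.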

HTH

Rick
Highlighted
Beginner

Re: Announce OSPF inside IPSec

Hey guys, sorry for the late response. This weekend I reworked the whole routing topology. I got rid of RIPv2 and made the ISP talk OSPF in its own area. I put each branch and the main office in its respective area (using virtual-link; I don't know if this solution is old or bad, but it works. Maybe it will need some analysis for security reasons or other stuff, but for this project it is working well) and all is working fine!

I've created the IPSec tunnels and made each LAN talk with the other LANs.

 

So, my routing problem is solved. Thanks for your insights and ideas!

 

Thanks for your time and your patience. See you around!

 

Bye!

Hall of Fame Guru

Re: Announce OSPF inside IPSec

Thank you for the update that you have it running successfully and that your routing issue is solved. I am glad that our suggestions have pointed you in the right direction. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information.

 

HTH

 

Rick
