Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
871
Views
5
Helpful
3
Replies

BGP connect problem

Go to solution
zachlin19381
Level 1
Level 1

‎01-13-2021 06:19 AM

I want to use anyconnect vpn to a server that using BGP to connect.

I found a problem that BGP can not transfer route of the vpn pool so that packet can send out but not send back...

Is that firepower don’t have vpn route so cause this problem?

Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎01-13-2021 08:29 AM

I agree with @balaji.bandi that we do not have enough understanding of this environment to be able to understand the issue or to give good advice. It does seem that part of the issue is that BGP is not advertising the IP subnet of the AnyConnect address pool. And there are some things that we can say about that part of the problem.

1) For BGP to advertise a subnet there must be an entry in the IP routing table of the device running BGP for the subnet (and with matching subnet mask). Check the routing table and see if there is an entry that matches the address pool.

2) If there is an entry in the routing table then check the BGP configuration and verify that the appropriate commands are in BGP to advertise this subnet. (might be a network command, might be a redistribute command, etc)

3) If there is a command to advertise this subnet then check the BGP configuration for some policy filtering the advertised routes for something that would block this prefix from being advertised.

 

I suspect that BGP is not the only part of this issue. But it is a good place to start. Once you have sorted out the BGP issues please provide more information about the environment and about what issues you are experiencing.

HTH

Rick

View solution in original post

0 Helpful
3 Replies 3

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎01-13-2021 08:13 AM

we do not have no idea, what is your setup, what IP address, what is working, what BGP working,..like so many questions i can ask.

So pelase  provide :

 

1. how is your network.

2. what device you working on

3. do you have high level diagram show what is the issue.

4. what IP address working or not working ?

5. what BGP, iBGP or eBGP ?

6. what is the routing enabled where ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to balaji.bandi

‎01-13-2021 08:29 AM

I agree with @balaji.bandi that we do not have enough understanding of this environment to be able to understand the issue or to give good advice. It does seem that part of the issue is that BGP is not advertising the IP subnet of the AnyConnect address pool. And there are some things that we can say about that part of the problem.

1) For BGP to advertise a subnet there must be an entry in the IP routing table of the device running BGP for the subnet (and with matching subnet mask). Check the routing table and see if there is an entry that matches the address pool.

2) If there is an entry in the routing table then check the BGP configuration and verify that the appropriate commands are in BGP to advertise this subnet. (might be a network command, might be a redistribute command, etc)

3) If there is a command to advertise this subnet then check the BGP configuration for some policy filtering the advertised routes for something that would block this prefix from being advertised.

 

I suspect that BGP is not the only part of this issue. But it is a good place to start. Once you have sorted out the BGP issues please provide more information about the environment and about what issues you are experiencing.

HTH

Rick
0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to Richard Burts

‎01-19-2021 07:02 AM

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card