04-01-2020 04:56 PM
I am looking for some guidance related to BGP configuration. We currently have two routers which are using the same AS number to build neighbor with the headend router via an IPsec tunnel built over a broadband link.
I see the BGP is up only for one of the routers and the other is not coming up. Please suggest if the above scenario will work.
04-01-2020 06:51 PM
04-01-2020 10:38 PM - edited 04-01-2020 10:40 PM
Hi,
1. Are both IPSec tunnels up and running?
2. Are the BGP peering addresses routable over the IPsec tunnel and member of the encryption domain?
3. Have you properly configured iBGP, with neighbour and/or update-source? For BGP over IPsec, update-source may be required, otherwise traffic may be initiated with the exit interface IP address, which may not be part of the encryption domain.
4. Is this BGP peering traffic excluded from any NAT configured on any of the gateways?
5. Do you have any VPN filters attached to your VPN tunnel?
6. On the BGP peering which is not functional, assuming you know based on your config, on which IP addresses should the peering run, can you simulate that TCP connection over port 179 via telnet from one router to the other?
Confirm/infirm the above by looking again at the configs, more carefully.
Regards,
Cristian Matei.
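Points 2 and 3 of the checklist above can be checked offline before touching the routers. The following is an added example, not part of the original reply: it tests whether the BGP session's source and destination addresses match the tunnel's traffic selectors, with and without update-source. All addresses, the `SELECTORS` list and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the thread): traffic selectors of the
# IPsec tunnel as (local network, remote network) pairs, seen from the spoke.
SELECTORS = [("10.10.1.0/24", "10.0.0.0/24")]


def in_encryption_domain(src, dst, selectors):
    """True if a packet src -> dst matches at least one tunnel selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        s in ipaddress.ip_network(local) and d in ipaddress.ip_network(remote)
        for local, remote in selectors
    )


def bgp_source(exit_interface_ip, update_source_ip=None):
    """Address used to open the TCP/179 session: the update-source address
    when one is configured, otherwise the exit interface address."""
    return update_source_ip or exit_interface_ip


def check_peering(neighbor_ip, exit_interface_ip, selectors, update_source_ip=None):
    """Return (source address used, whether the session matches a selector)."""
    src = bgp_source(exit_interface_ip, update_source_ip)
    return src, in_encryption_domain(src, neighbor_ip, selectors)


if __name__ == "__main__":
    # Hypothetical spoke: broadband-facing exit interface 203.0.113.10,
    # inside loopback 10.10.1.1, headend BGP peer 10.0.0.1.
    cases = (("no update-source", None), ("update-source 10.10.1.1", "10.10.1.1"))
    for label, upd in cases:
        src, ok = check_peering("10.0.0.1", "203.0.113.10", SELECTORS, upd)
        state = "inside" if ok else "OUTSIDE"
        print(f"{label}: source {src} is {state} the encryption domain")
```

A session reported as outside the encryption domain is not matched by the tunnel's selectors, so the peering traffic will not be carried by the tunnel as intended.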
04-09-2020 07:20 AM
Thank you all for your inputs. There was a static route issue on our headend IPsec firewall which seems to have fixed the issue.