Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1250
Views
0
Helpful
5
Replies

Connecting 2 VPN networks to core

Karl Breiner
Level 1
Level 1

‎02-24-2013 11:12 AM - edited ‎03-04-2019 07:07 PM

Background: we have an existing VPN ("Provider VPN") that provides an mpls vpn to connect various 10.20.0.0/16 networks to our core router, a Cisco 3825.  The routing protocol the provider has in place is BGP, and the BGP routes to these remote networks can be found in our core.  We would like to create our own VPN networks ("Company VPN") that will be terminated at an ASA 5520, which will be connected to our core router.  We would like the 2 VPN networks to be connected, such that networks on the Company VPN can connect to the Provider VPN and vice versa.

Problem: how do I advertize the 10.60.0.0/16 networks to my core router?  It looks like the ASA does not support BGP. Do I need to use OSPF or RIP, and if so, how does BGP learn about them?                 

Labels:
Preview file
1 KB
0 Helpful
5 Replies 5

Jeff Van Houten
Level 5
Level 5

‎02-24-2013 02:03 PM

How about you just put In a static and redistribute that?

Sent from Cisco Technical Support iPad App

0 Helpful

Karl Breiner
Level 1
Level 1
In response to Jeff Van Houten

‎02-25-2013 09:04 AM

Ok, so I started doing this with static routes.  I now have this route in my core router

ip route 10.60.0.0 255.255.0.0 10.250.0.2 1

My LAN (directly attached to core router) can ping 10.60.0.0 network (and vice versa) but remote sites on 10.20.0.0/16 cannot.  If I trace route from a remote site it dies at my core router.  Does this route need to be redistributed to BGP? If so how?

0 Helpful

paul driver
VIP
VIP
In response to Karl Breiner

‎02-25-2013 09:37 AM

Hello Karl,

Can you elaborate on your company's vpn connection, if possible port some config of the core and the Fw
res

Paul

Please don't forget to rate this post if it has been helpful.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Karl Breiner
Level 1
Level 1
In response to paul driver

‎02-25-2013 04:26 PM

I think this may be the relevant portion of the core router config.  Forgot to mention I actually have 2 routers in the core running HSRP.. that's what standby statements are.

I think Jeff Van Houten's idea is essentially what I need to do.. but it's just a little nerve-racking given the possibility of breaking BGP and the routes to all my external sites, or the possibility of creating an unanticipated routing loop.  I looked in my routing table and I have at least 10 static routes defined- mostly an accumulation of testing various things over the years, many of which were not put there by me.  I'm just concerned the 'redistribute static' command will bring over all these routes that I don't want into my provider VPN networks.  Any way to just single out the static route I mentioned above?  Maybe with a route-map?

Anyway, below is part of my core router config

interface GigabitEthernet0/0

description TO-FIOS

ip address x.x.x.x 255.255.255.0

ip virtual-reassembly max-reassemblies 64

ip route-cache policy

duplex auto

speed auto

media-type rj45

crypto map rtp

!

interface GigabitEthernet0/1

description Link to Linksys Switch port 2 / EIP Fiber

ip address 10.252.5.114 255.255.255.248

duplex auto

speed auto

media-type rj45

standby 200 ip 10.252.5.116

standby 200 priority 110

standby 200 preempt

!

interface FastEthernet0/1/0

switchport access vlan 9

spanning-tree portfast

!

interface FastEthernet0/1/1

switchport access vlan 100

spanning-tree portfast

!

interface FastEthernet0/1/2

switchport access vlan 6

spanning-tree portfast

!

interface FastEthernet0/1/3

switchport access vlan 250

spanning-tree portfast

!

interface FastEthernet0/1/4

switchport access vlan 9

spanning-tree portfast

!

interface FastEthernet0/1/5

spanning-tree portfast

!

interface FastEthernet0/1/6

spanning-tree portfast

!

interface FastEthernet0/1/7

spanning-tree portfast

!

interface FastEthernet0/1/8

spanning-tree portfast

!

interface FastEthernet0/3/0

description open

no ip address

duplex auto

speed auto

standby 2 ip 10.10.2.1

standby 2 priority 110

standby 2 preempt

standby 2 track 155 decrement 20

!

interface FastEthernet0/3/1

description INTERNET

ip address 10.10.1.3 255.255.255.248

ip helper-address 10.10.9.11

duplex auto

speed auto

standby 1 ip 10.10.1.1

standby 1 priority 110

standby 1 preempt

!

interface Vlan1

no ip address

!

interface Vlan6

description PRINTER

ip address 10.10.6.7 255.255.255.0

ip helper-address 10.10.9.11

ip virtual-reassembly

standby 6 ip 10.10.6.1

standby 6 priority 110

standby 6 preempt

!

interface Vlan9

description DATA

ip address 10.10.9.7 255.255.254.0

ip helper-address 10.10.9.11

ip virtual-reassembly max-reassemblies 64

standby 9 ip 10.10.9.1

standby 9 priority 110

standby 9 preempt

!

interface Vlan100

ip address 10.100.10.7 255.255.254.0

ip helper-address 10.10.9.11

ip virtual-reassembly

standby 100 ip 10.100.10.1

standby 100 priority 110

standby 100 preempt

!

interface Vlan250

description NPVPN

ip address 10.250.0.2 255.255.255.248

ip virtual-reassembly

standby 250 ip 10.250.0.1

standby 250 priority 110

standby 250 preempt

!

router bgp 65002

bgp log-neighbor-changes

neighbor 10.252.5.113 remote-as xxxxx

neighbor 10.252.5.113 password 7 12370000220E020A7E0E0D1870

neighbor 10.252.5.113 update-source GigabitEthernet0/1

!

address-family ipv4

  neighbor 10.252.5.113 activate

  neighbor 10.252.5.113 default-originate

  neighbor 10.252.5.113 soft-reconfiguration inbound

  neighbor 10.252.5.113 maximum-prefix 250

  no auto-summary

  no synchronization

exit-address-family

interface GigabitEthernet0/0

description TO-FIOS

ip address x.x.x.x 255.255.255.0

ip virtual-reassembly max-reassemblies 64

ip route-cache policy

duplex auto

speed auto

media-type rj45

crypto map rtp

!

interface GigabitEthernet0/1

description Link to Linksys Switch port 2 / EIP Fiber

ip address 10.252.5.114 255.255.255.248

duplex auto

speed auto

media-type rj45

standby 200 ip 10.252.5.116

standby 200 priority 110

standby 200 preempt

!

interface FastEthernet0/1/0

switchport access vlan 9

spanning-tree portfast

!

interface FastEthernet0/1/1

switchport access vlan 100

spanning-tree portfast

!

interface FastEthernet0/1/2

switchport access vlan 6

spanning-tree portfast

!

interface FastEthernet0/1/3

switchport access vlan 250

spanning-tree portfast

!

interface FastEthernet0/1/4

switchport access vlan 9

spanning-tree portfast

!

interface FastEthernet0/1/5

spanning-tree portfast

!

interface FastEthernet0/1/6

spanning-tree portfast

!

interface FastEthernet0/1/7

spanning-tree portfast

!

interface FastEthernet0/1/8

spanning-tree portfast

!

interface FastEthernet0/3/0

description open

no ip address

duplex auto

speed auto

standby 2 ip 10.10.2.1

standby 2 priority 110

standby 2 preempt

standby 2 track 155 decrement 20

!

interface FastEthernet0/3/1

description INTERNET

ip address 10.10.1.3 255.255.255.248

ip helper-address 10.10.9.11

duplex auto

speed auto

standby 1 ip 10.10.1.1

standby 1 priority 110

standby 1 preempt

!

interface Vlan1

no ip address

!

interface Vlan6

description PRINTER

ip address 10.10.6.7 255.255.255.0

ip helper-address 10.10.9.11

ip virtual-reassembly

standby 6 ip 10.10.6.1

standby 6 priority 110

standby 6 preempt

!

interface Vlan9

description DATA

ip address 10.10.9.7 255.255.254.0

ip helper-address 10.10.9.11

ip virtual-reassembly max-reassemblies 64

standby 9 ip 10.10.9.1

standby 9 priority 110

standby 9 preempt

!

interface Vlan100

ip address 10.100.10.7 255.255.254.0

ip helper-address 10.10.9.11

ip virtual-reassembly

standby 100 ip 10.100.10.1

standby 100 priority 110

standby 100 preempt

!

interface Vlan250

description NPVPN

ip address 10.250.0.2 255.255.255.248

ip virtual-reassembly

standby 250 ip 10.250.0.1

standby 250 priority 110

standby 250 preempt

!

router bgp 65002

bgp log-neighbor-changes

neighbor 10.252.5.113 remote-as xxxxx

neighbor 10.252.5.113 password 7 12370000220E020A7E0E0D1870

neighbor 10.252.5.113 update-source GigabitEthernet0/1

!

address-family ipv4

  neighbor 10.252.5.113 activate

  neighbor 10.252.5.113 default-originate

  neighbor 10.252.5.113 soft-reconfiguration inbound

  neighbor 10.252.5.113 maximum-prefix 250

  no auto-summary

  no synchronization

exit-address-family

0 Helpful

Karl Breiner
Level 1
Level 1
In response to Karl Breiner

‎02-25-2013 05:31 PM

Ok, I did some research.  Anyone know if running these commands in my core will give me the route I need in BGP?

ip route 10.60.0.0 255.255.0.0 10.250.0.2 1

access-list 15 permit 10.60.0.0 0.0.255.255

route-map staticredist permit 10

match ip address 15

router bgp 65002

redistribute static route-map staticredist

0 Helpful
Customers Also Viewed These Support Documents