Solved: How to pass traffic from BGP routing to a VPN destination.

Chin · ‎10-07-2013

Dear All,

I having a difficulty on the BGP routing issue. I have 2 routers, router A1 and router A2 are running in BGP for routing connection. Currently we setup a site to site VPN from router A2 to router B. Once the VPN connection establish, how to i connect to router B from router A1?

I have attached the diagram and wish anyone can help me answer for it.

Many thanks.

John Blakley · ‎10-07-2013

It looks right. From this config, you'll be able to get to the shared subnet between A2 and B, but what's on the LAN side for B? You'll need to have a static address for that unless you're going to run a routing protocol. On Router B, you'll need a static route for A1 to point to A2 in order to get return traffic from A1 to B and back.

For example, if your lan subnet on Router B is 192.168.5.0/24, on A2 you would create a static route:

ip route 192.168.5.0 255.255.255.0

On Router A2, you're redistributing statics, so A1 would know how to get to B since A2 knows and is advertising that to A1.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎10-07-2013

Are you running a routing protocol between the two vpn endpoints? If not, you can simply create statics pointing from Router Office B to Office A1 via Office A2. You can Then redistribute the static into BGP so Office A1 knows how to get to Router Office B.

Another way would be to run a routing protocol between A2 and B over the vpn tunnel, and then perform a mutual redistribution on A2.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Chin · ‎10-07-2013

Hi John

Thanks your suggestion. I try to draft a configuration on these routers. Please correct me if i am wrong on it.

Let assume the site to site VPN is connected.

Office A1:

router bgp 65022

no synchronization

bgp log-neighbor-changes

network 172.16.152.0

timers bgp 15 20

redistribute connected

redistribute static

neighbor xx.xx.xx.xx remote-as 8805

neighbor xx.xx.xx.xx weight 100

neighbor xx.xx.xx.xx route-map ADVERTISE-WAN out

no auto-summary

ip prefix-list ADVERTISE-WAN seq 5 permit 172.16.152.0/24

Office A2:

router bgp 65021

no synchronization

bgp log-neighbor-changes

network 172.16.153.0

network 192.168.110.0

timers bgp 15 20

redistribute connected

redistribute static

neighbor xx.xx.xx.xx remote-as 8804

neighbor xx.xx.xx.xx weight 100

neighbor xx.xx.xx.xx route-map ADVERTISE-WAN out

no auto-summary

ip prefix-list ADVERTISE-WAN seq 5 permit 172.16.153.0/24

ip prefix-list ADVERTISE-WAN seq 10 permit 192.168.110.0/23

Once the 192.168.110.0/23 is advertised in the WAN routing, Office A1 able to access to office B via WAN cloud. It is possible to access it. Am i correct?

John Blakley · ‎10-07-2013

It looks right. From this config, you'll be able to get to the shared subnet between A2 and B, but what's on the LAN side for B? You'll need to have a static address for that unless you're going to run a routing protocol. On Router B, you'll need a static route for A1 to point to A2 in order to get return traffic from A1 to B and back.

For example, if your lan subnet on Router B is 192.168.5.0/24, on A2 you would create a static route:

ip route 192.168.5.0 255.255.255.0

On Router A2, you're redistributing statics, so A1 would know how to get to B since A2 knows and is advertising that to A1.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Chin · ‎10-07-2013

Hi John,

Thanks for your help. Later I will try it after my office hour and I get back to you for the result.

Thank you very much and appreciate your help.

Chin · ‎10-08-2013

Hi John,

I have tried it and it working prefect to me. Thanks for your solution.