IP ROUTING

fmugambi

Hello guys, below is my topology,

fmugambi_0-1716902477086.png

I have added an internet FW and introduced an ISP on site B.

Before, site B resources/servers would go via MPLS to site A to access the internet.

I introduced the above to make each site use its own ISP.

I ran into challenges: site B resources were not able to get to their ISP/internet until I introduced "ip route 0.0.0.0/0 <site B internet FW interface>", which works but causes some issues.

Is there a way to manipulate just the internet traffic for site B resources without introducing static entries, and without affecting sites A and B communicating with each other?

64 Replies

Hello
Can you confirm:

  • Are both sites using bgp for ISP connectivity
  • Is your LAN traffic from each site running an IGP (such as ospf for example)
  • Are you receiving any default route from the isps?

If the answers to the above are yes, then you do not need to do very much to accommodate optimal routing and resiliency.

  1. Create an iBGP peering between the FW and the site's core rtr
  2. Redistribute the local site OSPF into BGP (filtering any default route)
  3. Advertise via OSPF the default route you are receiving from BGP (default-information originate metric x metric-type 1)

Basic example - SITE A

FW

router bgp 1
 neighbor <Core rtr> remote-as 1
 neighbor <Core rtr> next-hop-self
 neighbor <isp1> remote-as 99
 redistribute ospf x match internal external 1 external 2 route-map no-default

router ospf x
 default-information originate metric 50 metric-type 1

! route-map referenced above: deny 0.0.0.0/0 so the ISP default is never redistributed
! (prefix-list name is an assumption; the same definition is needed on the Core rtr)
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
route-map no-default deny 10
 match ip address prefix-list DEFAULT-ONLY
route-map no-default permit 20

Core rtr

router bgp 1
 neighbor <fw> remote-as 1
 neighbor <fw> next-hop-self
 neighbor <core site1> remote-as 2
 redistribute ospf x match internal external 1 external 2 route-map no-default

router ospf x
 default-information originate metric 150 metric-type 1


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
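An added illustration (not from the post above, and not the poster's own code) of why the two metric-type 1 defaults give hosts in site A their own firewall first and the MPLS path only as a backup; the router names and link costs are assumed:

```python
import heapq

# Constructed site A topology (an assumption, not the poster's): OSPF link costs.
# FW_A and CORE_A both originate 0.0.0.0/0 as E1 via "default-information originate",
# FW_A with metric 50 (its own ISP) and CORE_A with metric 150 (default learned over
# the MPLS eBGP peering to the other site), as in the example above.
LINKS = {
    ("FW_A", "CORE_A"): 10,
    ("CORE_A", "DIST_A"): 10,
    ("DIST_A", "ACCESS_A"): 10,
}
ORIGINATORS = {"FW_A": 50, "CORE_A": 150}   # ASBR -> metric in "default-information originate"


def spf(source, links):
    """Dijkstra over the intra-area topology: OSPF cost from source to every router."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    dist = {source: 0}
    heap = [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue
        for nbr, cost in graph.get(node, {}).items():
            nd = d + cost
            if nd < dist.get(nbr, float("inf")):
                dist[nbr] = nd
                heapq.heappush(heap, (nd, nbr))
    return dist


def best_default(router, originators, links):
    """Pick the default route a router installs when several ASBRs originate it as E1.
    E1 cost = external metric + internal cost to that ASBR, so the nearer ASBR with the
    lower metric wins; E2 would compare the external metric alone. Returns (ASBR, cost)."""
    dist = spf(router, links)
    cost = {asbr: metric + dist[asbr] for asbr, metric in originators.items() if asbr in dist}
    if not cost:
        return None, None
    asbr = min(cost, key=cost.get)
    return asbr, cost[asbr]


if __name__ == "__main__":
    print("normal:", best_default("ACCESS_A", ORIGINATORS, LINKS))
    # FW_A loses its ISP default and stops originating: only CORE_A's 150 remains
    print("FW_A down:", best_default("ACCESS_A", {"CORE_A": 150}, LINKS))
```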

Yes, both sites use BGP to peer with their ISP.

All downstream uses an IGP (OSPF). Site A has process ID 20, site B has process ID 30.

So at the core of both sites, for MPLS, I peer both sites with BGP, then redistribute the OSPF processes of the two sites respectively, such that site A resources can reach site B resources and vice versa. This works well.

Challenges began when I intended to route each site's resources via its own ISP.

Site B resources have been using the site A ISP. If I introduce a default route on the core at site B, this works, but I wanted to have zero static routes. Again, with my current setup, issues arise when I do this.

I am sharing the topological issue, or what happens; maybe that is where we need to start correcting issues.

fmugambi_3-1716970825826.png

So BGP at the 1941s has route maps out for the downstream server farm subnet, and redistribution of the OSPF process of the respective site.

Site A has some static routing, but on the site A core switch OSPF redistributes the static routes.

So issues begin here. For example, when you check for a route on site B, the route is not known until you introduce a static route on the 1941 of site B. Since BGP redistributes static as well, the route is now known by the site B 1941, which advertises it downstream, and servers in site B can reach the subnet on site A and vice versa.

On site A there are quite a number of IPsec tunnels, which have static entries on the site A core switch. So these entries are not known in site B, so traffic from site B flows via MPLS to the core in site A, and this core knows these need to be routed via VPN. Connectivity is OK.

Question: where is this behaviour on the 1941s?

Now, when I want to introduce ISP-specific access for each site, the easiest way I went about it was introducing 0.0.0.0/0 to the Cisco ASA FW on site B. Site B resources now get their internet access via the site B ISP. My problem comes when VPN clients are not able to reach site B resources: since the VPN client routes are not known on the site B side, they fall under the default category and are forwarded to the site B ASA FW, which does not know the route back to the VPN clients.

A workaround would be to have all the VPN static routes on the site A core and on the site A 1941 MPLS edge router as well, with the site A core switch as the destination. These would then be distributed by BGP across the sites, making the 1941 MPLS edge router on site A know about these routes and distributing them downstream to site B resources. Then these VPN client routes would no longer fall under the default route, and VPN clients would manage to access the site B resources. The problem is the re-introduction of lots of static routing, which I wish to avoid/reduce.

Any insights here?

1. How can VPN-learnt static routes be advertised to site B without introducing static routes at the site's 1941 MPLS edge router?

2. Is it possible, as the setup is, to make site B resources use the site B ISP without introducing a default route at the site B core switch?

Thanks.

fmugambi

fmugambi_1-1717073357045.png

This is one scenario.

This is on site A.

I introduced a new subnet, .130/24. It is known by the downstream devices, which advertise it up to the 1941 MPLS edge, but the same is not put in the BGP table of the 1941.

For the next hop: this prefix 30.30.30.30 is in which site, and the show output you are sharing is from which 1941?

I ran a lab test of OSPF redistribute cases that prevent a router behind the BGP/OSPF 1941 router from learning a prefix.

If you run iBGP between the two sites, not eBGP, then "bgp redistribute-internal" is needed.

MHM 

Screenshot (510).png

This is the core on site A, downstream of the 1941.

The core does not use BGP, and I see the prefix is learned OK as E2.
Am I correct?

MHM

No BGP in the core, just OSPF and static.

The MPLS BGP is eBGP, as both sites have different ASes.

So how should I approach this?

If all the above is true:

- the BGP is eBGP
- some prefixes appear, like 30.30.30.30, and others do not appear

then the

redistribute ospf <x> match external 1 external 2 internal

is the issue here.
BGP only redistributes the internal routes by default, and you need to add match external 1 external 2 to make it redistribute the external OSPF type 1 and type 2 prefixes.

MHM 

Screenshot (521).png
Screenshot (522).png
Screenshot (519).png

fmugambi_0-1717672969512.png
fmugambi_1-1717673002297.png

fmugambi_2-1717673030229.png

Still facing issues in my lab; what am I missing?

Does the route map you use outbound include the prefix shown in show ip bgp?
This last thing affects advertising the prefix between the two eBGP peers.

MHM

Question: since network 172.16.57.0/24 is known by R3 via a static route, which is then advertised into OSPF 30, won't R3 advertise this static route across to R1 via BGP, even without the prefixes in BGP?

No.
You redistribute static into OSPF, then redistribute OSPF into BGP.
Instead, redistribute static into BGP directly.

BGP does not redistribute a prefix that is not found in show ip bgp.
MHM
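A model of the three points MHM raises about the site B 1941 (the missing match external 1 external 2, a static that only reaches OSPF and never BGP, and the outbound route map that must permit the prefix), written as an added example that is not from the thread; the RIB entries and prefix-list values are constructed:

```python
from ipaddress import ip_network

# Constructed RIB for the site B 1941 (R3 in the lab), an assumption rather than the
# poster's real table: (prefix, source protocol, OSPF route type or None).
RIB = [
    ("10.30.0.0/24", "ospf", "intra"),    # O    site B internal subnet
    ("30.30.30.30/32", "ospf", "E2"),     # O E2 static redistributed into OSPF by the core
    ("172.16.57.0/24", "static", None),   # S    static on this router, also sent into OSPF 30
    ("0.0.0.0/0", "ospf", "E1"),          # O E1 default from default-information originate
]

OSPF_KINDS = {"internal": {"intra", "inter"}, "external 1": {"E1"}, "external 2": {"E2"}}


def redistribute_ospf(rib, match=("internal",), deny_default=True):
    """Model of 'redistribute ospf <x> match ... route-map no-default'. With no match
    clause IOS takes only internal routes. Statics are never picked up here: on this
    router they are static routes, not OSPF routes, whatever OSPF 30 does with them."""
    kinds = set().union(*(OSPF_KINDS[m] for m in match))
    selected = []
    for prefix, proto, kind in rib:
        if proto != "ospf" or kind not in kinds:
            continue
        if deny_default and ip_network(prefix).prefixlen == 0:
            continue                      # route-map no-default drops 0.0.0.0/0
        selected.append(prefix)
    return selected


def redistribute_static(rib):
    """'redistribute static' under router bgp: the direct way to get 172.16.57.0/24 in."""
    return [prefix for prefix, proto, _ in rib if proto == "static"]


def bgp_table(rib, match=("internal",), with_static=False):
    """What 'show ip bgp' would list on this router for the given redistribution config."""
    routes = redistribute_ospf(rib, match)
    if with_static:
        routes += redistribute_static(rib)
    return sorted(routes)


def advertised(table, outbound_permit):
    """Outbound route-map check: only prefixes that are in the BGP table AND covered by
    the outbound prefix list (constructed entries) reach the eBGP peer, R1."""
    permitted = [ip_network(p) for p in outbound_permit]
    return [p for p in table if any(ip_network(p).subnet_of(n) for n in permitted)]
```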
