Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
479
Views
10
Helpful
4
Replies

Do not worked (backup channel) a "ospf" for ipsec.

Go to solution
Robocop01
Level 1
Level 1

‎05-14-2018 08:48 AM - edited ‎03-08-2019 03:00 PM

Dear All,

Do not worked (backup channel) a "ospf" for ipsec.
No ping from the ip 192.168.10.2 at the ip 192.168.20.3

my file file_for_cisco_packet_tracer

What is it problem?

 

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Predrag Jovic
Level 3
Level 3

‎05-14-2018 09:34 AM - edited ‎05-14-2018 09:42 AM

For start IPsec does not support multicast, which is configured in configuration. OSPF traffic should be placed in GRE tunnel first and then IPsec could encrypt GRE traffic (if neighbors are to be discovered dynamically, as it is configured).

View solution in original post

Go to solution
Predrag Jovic
Level 3
Level 3
In response to Robocop01

‎05-14-2018 02:19 PM

You can find configuration example and explanation - Point-to-Point GRE over IPsec Design and Implementation.

There are other potential solutions (I did not test this one, but it should work) for example, OSPF neighbors can be configured with neighbor command in which case OSPF routers will forward unicast traffic instead of multicast even for hello packets, but I am not sure if that is configurable in packet tracer (maybe it is if serial interfaces are in use on WAN interfaces). There are other potential solutions, for example, IPsec VTI also supports multicast traffic.

View solution in original post

4 Replies 4

Go to solution
Predrag Jovic
Level 3
Level 3

‎05-14-2018 09:34 AM - edited ‎05-14-2018 09:42 AM

For start IPsec does not support multicast, which is configured in configuration. OSPF traffic should be placed in GRE tunnel first and then IPsec could encrypt GRE traffic (if neighbors are to be discovered dynamically, as it is configured).

Go to solution
Robocop01
Level 1
Level 1
In response to Predrag Jovic

‎05-14-2018 09:54 AM - edited ‎05-14-2018 10:24 AM

How will add ospf traffic in gre tunnel? Or Do you can offer other solution?

0 Helpful

Go to solution
Predrag Jovic
Level 3
Level 3
In response to Robocop01

‎05-14-2018 02:19 PM

You can find configuration example and explanation - Point-to-Point GRE over IPsec Design and Implementation.

There are other potential solutions (I did not test this one, but it should work) for example, OSPF neighbors can be configured with neighbor command in which case OSPF routers will forward unicast traffic instead of multicast even for hello packets, but I am not sure if that is configurable in packet tracer (maybe it is if serial interfaces are in use on WAN interfaces). There are other potential solutions, for example, IPsec VTI also supports multicast traffic.

Go to solution
Robocop01
Level 1
Level 1
In response to Predrag Jovic

‎05-15-2018 03:45 AM - edited ‎05-15-2018 03:48 AM

My case

Configuring a Negotiated L2TPv3 Session for an Xconnect VLAN Subinterface: Example

https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv30s.html



0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card