Manually specify "orphan" network in OSPF

Nikolaos Milas

Hello,

We are running OSPF on 3 routers (single area). Things are working fine.

(The whole of the setup is here: https://supportforums.cisco.com/discussion/12516016/ospf-networks-database-not-routing-table)

I would like to ask the following: On our routers we have reserved some subnets for IPSec VPN access. These are defined as follows (example from one of the routers):

crypto isakmp client configuration group ORG-VPN-MASTERS
 key *********************
 dns 8.8.8.8
 pool adminips
 acl 160
!
crypto ipsec transform-set vpnc esp-3des esp-sha-hmac
!
crypto dynamic-map dynmap 100
 set transform-set vpnc
 reverse-route
!
crypto map vpn client authentication list default
crypto map vpn isakmp authorization list vpn
crypto map vpn client configuration address respond
crypto map vpn 100 ipsec-isakmp dynamic dynmap
!
access-list 160 permit ip any 195.251.204.216 0.0.0.7
!
ip local pool adminips 195.251.204.217 195.251.204.222
!

So, the subnet 195.251.204.216/29 has been devoted to VPN access. However, this subnet has not been assigned to any particular interface in order to be "detected" and advertised by OSPF. Therefore, we needed to create static routes (on the other routers) for it.

Can someone please indicate a suggested solution on how to "enable" this subnet detection by OSPF so as to avoid the need to create static routes? (For example, could we define some virtual interface for that purpose, or could we somehow "associate" this subnet with an existing interface, or finally, could we force an advertisement, within OSPF, that the subnet "lies" at a particular router?)

Thanks in advance,
Nick


acampbell

Hi Nick,

If you can pick on the router that has next hop access to the networks/subnets that you have reserved

Add static routes like you have mentioned, then redistribute these routes into your OSPF

Something like this

!
ip route 195.251.204.216 255.255.255.248 NEXTHOP ADD name Reserved-for-VPN
!
router ospf 120
redistribute static subnets
!

Then show your OSPF routing table on the other routers within your OSPF domain;
you should see them as "O-E2" routes.


See these links for more info:-

http://www.cisco.com/c/en/us/support/docs/ip/enhanced-interior-gateway-routing-protocol-eigrp/8606-redist.html

http://www.cisco.com/c/en/us/tech/ip/open-shortest-path-first-ospf/index.html?referring_site=bodynav

Hope this helps
Regards
Alex

Regards, Alex. Please rate useful posts.

Has been a long time Alex

How have you been?

Reza

Thank you Alex,

So, if I understand right, I would need to do the configuration you are suggesting NOT at the router to which the above subnet belongs, but to a next-hop router. Correct?

If I configure things in this way, it seems to me that I only save the effort to configure a static route to one router (the third one) since we only have 3 routers (the router to which the subnet belongs does not need a static route anyway). Right?

It seems this would provide a good (effort) gain in case we had more routers in the network (participating in OSPF).

I have an additional question: For BGP needs, we have configured:

interface Null0
 no ip unreachables
!
ip route 194.177.194.0 255.255.255.0 Null0 254
...<more public networks>...

That is, there is a static route for each public network (advertised by all three routers, which belong to the same AS), with a next hop of Null0.

If we use in OSPF:

redistribute static subnets

will these static routes also be picked up by OSPF?

And, to go one step further, is there a way to exempt particular static routes from redistribution (if we have configured "redistribute static subnets")?

Thank you again,
Nick

Hi Nick,

(Hi Reza, - I'm doing OK - really busy just now at work
with all kinds of weird hours - not getting as much time
as I would like on the forums.

Hope you are WELL too)


If the router that hosts the subnets is also your OSPF router then you can
simply redistribute your connected interface networks

Let's keep it simple.
Say

router 1

!
int fas 0/0
desc interface & subnet to VPN (NOT RUNNING OSPF)
ip add x.x.x.x/29
!
!
int fas 0/1
desc interface & subnet to VPN (NOT RUNNING OSPF)
ip add Y.Y.Y.Y/29
!
!
int fas 1/0
desc LAN interface & subnet RUNNING OSPF
ip add A.A.A.A/24
!
int fas 1/1
desc WAN interface & subnet RUNNING OSPF
ip add B.B.B.B/30
!
router ospf 120
redistribute connected subnets
REST OF OSPF CONFIG
!

http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/18722-redist-conn.html

Hope this Helps
Regards
Alex

Regards, Alex. Please rate useful posts.
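
Added example (not part of any reply above, and not the posters' own configuration): one way to keep "redistribute static subnets" from also pulling the Null0 statics into OSPF is to attach a route-map that permits only the VPN pool. The names VPN-POOL and STATIC-TO-OSPF are hypothetical; OSPF process 120 and the prefixes are the ones quoted in the thread.

```cisco
! Added example. VPN-POOL and STATIC-TO-OSPF are hypothetical names.
!
! Permit only the VPN pool. "le 32" also matches the per-client /32
! host routes that "reverse-route" installs while a VPN client is connected.
ip prefix-list VPN-POOL seq 10 permit 195.251.204.216/29 le 32
!
! A route-map ends with an implicit deny, so every static route that does
! not match VPN-POOL (for example 194.177.194.0/24 via Null0) is left out
! of OSPF.
route-map STATIC-TO-OSPF permit 10
 match ip address prefix-list VPN-POOL
!
router ospf 120
 redistribute static subnets route-map STATIC-TO-OSPF
!
! Checks to run afterwards:
!   On this router:
!     show ip prefix-list detail VPN-POOL      (hit counts on the permit entry)
!     show route-map STATIC-TO-OSPF            (matches per clause)
!   On another router in the OSPF domain:
!     show ip route ospf                       (only the VPN pool as external)
!     show ip ospf database external           (no LSA for 194.177.194.0)
```

Without the route-map, every static route on the redistributing router, including the Null0 routes kept for BGP, becomes an OSPF external route on the other routers.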