cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

290
Views
0
Helpful
3
Replies
Highlighted
Beginner

dynamic routing via policy based l2l VPN

Hi guys.

 

Just general question.

Could somebody explain why dynamic routing OSPF, EGRP, BGP works w/ problem via route base s2s VPN but not via policy base firewall?

 

Thank you.

3 REPLIES 3
RJI Advisor
Advisor

Re: dynamic routing via policy based l2l VPN

Hi,
IPSec policy based VPNs only accepts unicast traffic, routing protocols require multicast to establish an adjacency. Where as a VTI or GRE tunnel interface supports multicast. The routing protocol traffic would be encapsulated and routed through the tunnel interface and establish routing adjacency.

HTH
Beginner

Re: dynamic routing via policy based l2l VPN

so it's possible to use policy based VPN with BGP. is it correct?

VIP Mentor

Re: dynamic routing via policy based l2l VPN

BGP is a little bit tricky. With its unicast transport you can send BGP through a policy-based VPN. But for the learned routes, this traffic also has to be part of the crypto-policy. Typically a GRE tunnel is used here which can also transport any traffic based on the learned routes.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here