
BGP VPN BETWEEN FTD AND GOOGLE CLOUD PLATFORM

fmugambi
Spotlight

Hello Team,

I need to create an IPsec tunnel to the GCP environment, using BGP, not static routing.

What are the concepts here?

Will I use a policy-based or route-based setup?

A step-by-step guide will be appreciated.

Thank you in advance.


Cristian Matei
VIP Alumni

Hi,

Use IKEv2 route-based VPNs with BGP on top of that. What is your Cisco platform?

Best,

Cristian.

fmugambi
Spotlight

I am now facing asymmetric routing issues, even though I have used weight. Will this attribute assist, or is it local to me? Do I need a different attribute?

Can you elaborate more?

If you have one FTD connected via two VTIs to GCP, then
weight will control the OUTBOUND traffic,
and you need to use AS-prepend or MED to control the INBOUND.

If your case is not as above, please share the topology.

Thanks

MHM

on-prem device in one

Then use AS-prepend or MED to make GCP use one path rather than the other.
This will eliminate the asymmetric traffic you face, such as OUTBOUND using VTI1 and INBOUND using VTI2.

MHM
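The effect described in the replies above, as an added example that is not part of the original thread: a simplified best-path model showing that weight only changes the FTD's own outbound choice, while AS-path prepending or MED changes what GCP picks for return traffic. The AS numbers, weight and MED values, prepend count and the final tie-break on tunnel name are assumptions made for the illustration.

```python
# Added illustration: simplified BGP best-path selection, one FTD, two VTIs to GCP.
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    via: str               # tunnel the route was learned over
    as_path: tuple         # AS numbers as received
    weight: int = 0        # local to the router, never advertised
    local_pref: int = 100  # stays inside the receiving AS
    med: int = 0           # carried to the neighbouring AS

def best_path(paths):
    """Subset of the decision order: highest weight, highest local-pref,
    shortest AS path, lowest MED, then lowest tunnel name (assumed tie-break)."""
    return min(paths, key=lambda p: (-p.weight, -p.local_pref,
                                     len(p.as_path), p.med, p.via))

ONPREM_AS, GCP_AS = 65001, 65002  # constructed private ASNs

def advertise(via, prepend=0, med=0):
    """What the FTD sends to GCP over one VTI. Weight and local-pref are not
    carried, so only AS-path length and MED reach the peer."""
    return Path(via=via, as_path=(ONPREM_AS,) * (1 + prepend), med=med)

def directions(ftd_weights, prepend_on=None, med_on=None):
    """Return (outbound VTI chosen by the FTD, inbound VTI chosen by GCP)."""
    # Routes the FTD learned from GCP, with the FTD's local weight applied.
    learned = [Path(via=v, as_path=(GCP_AS,), weight=w)
               for v, w in ftd_weights.items()]
    # Routes GCP learned from the FTD; both come from the same AS, so MED compares.
    sent = [advertise(v,
                      prepend=2 if v == prepend_on else 0,
                      med=200 if v == med_on else 0)
            for v in ftd_weights]
    return best_path(learned).via, best_path(sent).via

if __name__ == "__main__":
    w = {"VTI1": 0, "VTI2": 500}  # FTD prefers VTI2 for outbound
    print("weight only     :", directions(w))                     # asymmetric
    print("weight + prepend:", directions(w, prepend_on="VTI1"))  # symmetric
    print("weight + MED    :", directions(w, med_on="VTI1"))      # symmetric
```
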

 

Since I configure both ends, do I need to use the attributes on both ends, or does configuring the on-prem BGP attributes get me sorted?

No need on both sides.

Only the FTD side.

MHM

Quick question:

I normally NAT my internal IP to a public IP that I share with clients on the encryption domain.

If I now want to route client traffic to the cloud, not on-prem, I presume all I would need to do is NAT the IP to an endpoint on the cloud?

Am I right?

 

For them to access on-prem, there are equivalent policies. Now, when sending them to the cloud, how do the ACLs come in on the on-prem FTD?

Hi,

BGP weight is a locally significant value; use local-preference for BGP AS-wide influence.

Best,

Cristian.

Does the local preference influence both out and in traffic?

Hi,

The local preference attribute does not leave the AS, so it only influences traffic egressing from the AS / leaving the AS.

Best,

Cristian.

So how do I influence return traffic?

Or should I use both: MED for egress and AS-prepend for ingress?