Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1128
Views
0
Helpful
3
Replies

dynamic routing via policy based l2l VPN

Andriy Sidko
Level 1
Level 1

‎12-14-2019 10:45 AM

Hi guys.

 

Just general question.

Could somebody explain why dynamic routing OSPF, EGRP, BGP works w/ problem via route base s2s VPN but not via policy base firewall?

 

Thank you.

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎12-14-2019 01:03 PM

Hi,
IPSec policy based VPNs only accepts unicast traffic, routing protocols require multicast to establish an adjacency. Where as a VTI or GRE tunnel interface supports multicast. The routing protocol traffic would be encapsulated and routed through the tunnel interface and establish routing adjacency.

HTH
0 Helpful

Andriy Sidko
Level 1
Level 1
In response to Rob Ingram

‎12-14-2019 04:07 PM

so it's possible to use policy based VPN with BGP. is it correct?

0 Helpful

Karsten Iwen
VIP
VIP
In response to Andriy Sidko

‎12-15-2019 03:10 AM

BGP is a little bit tricky. With its unicast transport you can send BGP through a policy-based VPN. But for the learned routes, this traffic also has to be part of the crypto-policy. Typically a GRE tunnel is used here which can also transport any traffic based on the learned routes.

0 Helpful
Customers Also Viewed These Support Documents