Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1310
Views
0
Helpful
5
Replies

FlexVPN using eBGP

fwiest
Level 1
Level 1

‎03-03-2014 08:27 PM - edited ‎02-21-2020 07:32 PM

I am trying to configure FlexVPN using eBGP. The only way I can get it to work is to use the remote AS of one of the spokes. Is there a workaround for this? Or do I need to remove the address pool and number each tunnel myself?

router bgp 65511

bgp listen range 10.99.0.0/21 peer-group SPOKES

neighbor SPOKES peer-group

neighbor SPOKES remote-as 65432

neighbor SPOKES update-source Loopback100

neighbor SPOKES next-hop-self all

neighbor SPOKES timers 5 15

neighbor SPOKES soft-reconfiguration inbound

Labels:
0 Helpful
5 Replies 5

Graham Bartlett
Cisco Employee
Cisco Employee

‎06-02-2014 04:22 AM

Hi

I might be missing the question, so sorry to answer with a question.

Are all spokes going to be in the same AS?

I believe that your config will allow everything in 10.99.0.0/21 to peer with AS 65432, but if you need a different AS then you could change the list range.

If i've missed the point, please feel free to PM me.

 

cheers

 

0 Helpful

fwiest
Level 1
Level 1
In response to Graham Bartlett

‎06-02-2014 02:12 PM

Hello, and thank you for the response. Each spoke is in a different AS. But in the mean time I found the "local-as" and "remote-as" will solve the problem. So at this point, I have one last problem to solve, routing. Do you have any experience with BGP in FlexVPN?

0 Helpful

Graham Bartlett
Cisco Employee
Cisco Employee
In response to fwiest

‎06-03-2014 11:43 AM

Hi
 

What's the routing issue that you have?

 

cheers

0 Helpful

fwiest
Level 1
Level 1
In response to Graham Bartlett

‎06-03-2014 08:06 PM

We have a MPLS network with a Internet tunnel network for backup. There are times we want to force some traffic over the tunnels instead of MPLS. So I want to force a route between two spokes.

0 Helpful

Graham Bartlett
Cisco Employee
Cisco Employee
In response to fwiest

‎06-04-2014 06:38 AM

Hi

So if i read you correctly - you want this spoke-spoke tunnel to only come up at certain times?

You have the options of

1. run NHRP - so basically implement DMVPN style for the 'interesting' traffic. (i'm not sure if this is what you need as you can't base this on time)

2. use flexvpn client feature, tie this to an SLA or similar using the connect track command.

 

check this for more info on the tracking feature;

 

http://www.cisco.com/en/US/docs/ios-xml/ios/sec_conn_ike2vpn/configuration/15-2mt/sec-cfg-flex-clnt.html#GUID-8713BA04-FF96-4F22-9937-CF667485CBEA

 

 

0 Helpful
Customers Also Viewed These Support Documents