05-20-2021 03:45 AM
Hi,
I would like to know whether this is possible or not.
I would like to run IPsec to Site one and Site two. I run BGP to carry routes. Please see the diagram below.
I will apply the IPsec profile on the WAN interface. The ACL rule for the IPsec source is also using 10.1.2.1. The BGP neighbor relationship will also use the WAN interface IP.
So let me know: is my route still encrypted?
05-20-2021 03:51 AM
Are you using a VTI or crypto map?
What is your intention?
Do you wish to use BGP to distribute the local networks behind the routers over the VPN tunnel?
Or establish BGP connectivity to an ISP router?
05-20-2021 05:56 AM
Hi @Rob Ingram,
I would like to know whether the traffic is encrypted or not.
For example:
crypto map vpn 10 ipsec-isakmp
 set peer 10.2.1.1
 set transform-set ts
 match address 101
access-list 101 permit ip host 10.1.2.1 host 10.2.1.1
---------------
router bgp 65001
 neighbor 10.2.1.1 remote-as 65002
 network 192.168.0.0 mask 255.255.255.0
--------
The LAN network of R2 can route to the LAN of R1, and the LAN network of R1 can reach the LAN of R2 because of BGP.
But I am confused. Do these routes pass through the IPsec tunnel, or do they never pass through the IPsec tunnel?
I apply the IPsec profile on the physical tunnel. I would like to know whether incoming traffic to 192.168.0.0/24 is encrypted.
05-20-2021 04:34 AM
For the BGP peer, why not use a Loopback interface? Anyway, it requires the tunnel to be up before the peer comes into the picture.
05-20-2021 05:58 AM
Hi @balaji.bandi,
I just want to know: if the IPsec source and the BGP neighbor relationship use the same interface (WAN IP), will the BGP traffic or routes not be encrypted?
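Added example, not part of any post in this thread: a small Python model of how a crypto map's ACL selects outbound traffic for IPsec, applied to the addresses in the question. It assumes ACL 101 is meant as `permit ip host 10.1.2.1 host 10.2.1.1`; the remote LAN 192.168.1.0/24, the host addresses and the second ACL entry are constructed for illustration.

```python
import ipaddress

def parse_ace(line):
    """Parse '<permit|deny> ip <src> <dst>'; each side is 'host A', 'any' or 'A WILDCARD'."""
    tok = line.split()
    action, proto, rest = tok[0], tok[1], tok[2:]
    sides = []
    while rest:
        if rest[0] == "host":
            addr, wild, rest = rest[1], "0.0.0.0", rest[2:]
        elif rest[0] == "any":
            addr, wild, rest = "0.0.0.0", "255.255.255.255", rest[1:]
        else:
            addr, wild, rest = rest[0], rest[1], rest[2:]
        sides.append((int(ipaddress.IPv4Address(addr)), int(ipaddress.IPv4Address(wild))))
    if action not in ("permit", "deny") or proto != "ip" or len(sides) != 2:
        raise ValueError(f"unsupported ACE: {line!r}")
    return action, sides[0], sides[1]

def _hit(ip, side):
    # Wildcard bits set to 1 are "don't care"; compare only the remaining bits.
    addr, wild = side
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def crypto_map_action(acl, src, dst):
    """First match wins: permit => 'encrypt'; deny or no match => 'cleartext'."""
    for line in acl:
        action, s, d = parse_ace(line)
        if _hit(src, s) and _hit(dst, d):
            return "encrypt" if action == "permit" else "cleartext"
    return "cleartext"  # implicit deny: not selected for IPsec, forwarded as-is

# ACL 101 as assumed from the thread: only WAN IP to WAN IP is selected.
ACL_101 = ["permit ip host 10.1.2.1 host 10.2.1.1"]
# Hypothetical extra entry covering LAN to LAN (remote LAN is a constructed value).
ACL_101_WITH_LAN = ACL_101 + ["permit ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255"]

# Constructed sample flows, as seen leaving R1's WAN interface.
FLOWS = {
    "BGP session (WAN to WAN)": ("10.1.2.1", "10.2.1.1"),
    "LAN to LAN data": ("192.168.0.10", "192.168.1.10"),
}

def report(acl):
    return {name: crypto_map_action(acl, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    print(report(ACL_101))
    print(report(ACL_101_WITH_LAN))
```

With the host-to-host entry alone, the BGP session between the WAN addresses is selected for encryption, while packets between the LANs keep their LAN source and destination addresses, do not match, and leave unencrypted.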