
IPsec Source and BGP peer IP also same

MrBeginner
Spotlight

Hi,

I would like to know whether this is possible or not.

I would like to run IPsec to Site one and Site two. I run BGP to carry routes. Please see the diagram below.

ans.png

I will apply the IPsec profile on the WAN interface. The ACL rule for the IPsec source is also using 10.1.2.1. The BGP neighbor relationship will also use the WAN interface IP.

So let me know, is my route still encrypted?

@MrBeginner 

Are you using a VTI or crypto map?

What is your intention?

Do you wish to use BGP to distribute the local networks behind the routers over the VPN tunnel?

Or establish BGP connectivity to an ISP router?

 

Hi @Rob Ingram,

I would like to know whether the traffic is encrypted or not.

For example:

crypto map vpn 10 ipsec-isakmp
set peer 10.2.1.1
set transform-set ts
match address 101

 

access-list 101 permit ip host 10.1.2.1 host 10.2.1.1

 

---------------

router bgp 65001

neighbor 10.2.1.1 remote-as 65002

network 192.168.0.0 mask 255.255.255.0

 

--------

The LAN network of R2 can route to the LAN of R1, and the LAN network of R1 can reach the LAN of R2 because of BGP.

But I am confused. Do these routes pass through the IPsec tunnel, or do they never pass through the IPsec tunnel?

I apply the IPsec profile on the physical tunnel. I would like to know whether incoming traffic to 192.168.0.0/24 is encrypted.

 

 

balaji.bandi
Hall of Fame

For the BGP peer, why not use a Loopback interface? Anyway, it requires the tunnel to be up before the peer comes into the picture.

BB


Hi @balaji.bandi,

I just want to know: if the IPsec source and the BGP neighbor relationship use the same interface (WAN IP), will the BGP traffic or routes not be encrypted?