12-30-2023 03:36 PM
I'm trying to configure OSPF in a FlexVPN between the hub and the spoke. I see the spokes' OSPF routes on the hub, but none of the hub routes on the spokes. I made some changes to the configuration as suggested in this post, Solved: OSPF Routing with FlexVPN Tunnel | Dynamic Spoke / Static Hub - Cisco Community, with no luck, so I rolled back the changes. Here is my configuration.
Spoke

router ospf 1
 router-id 172.30.1.4
 auto-cost reference-bandwidth 1000000
 network 10.6.48.0 0.0.0.255 area 0
 network 172.30.1.0 0.0.0.0 area 0
 network 192.168.43.0 0.0.0.255 area 0
 network 192.168.48.0 0.0.0.255 area 0

interface Tunnel0
 ip address 172.30.1.4 255.255.255.0
 ip nhrp network-id 1
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 tunnel source GigabitEthernet0/0/1
 tunnel destination 192.168.50.1
 tunnel protection ipsec profile IPSEC_PROFILE
end

interface Virtual-Template1 type tunnel
 ip unnumbered GigabitEthernet0/0/1
 ip nhrp network-id 1
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 tunnel source GigabitEthernet0/0/1
 tunnel protection ipsec profile IPSEC_PROFILE
end

show ip ospf database router 172.30.1.4

            OSPF Router with ID (172.30.1.4) (Process ID 1)

                Router Link States (Area 0)

  LS age: 140
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 172.30.1.4
  Advertising Router: 172.30.1.4
  LS Seq Number: 800000B6
  Checksum: 0xF60E
  Length: 84
  Number of Links: 5

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 172.30.1.1
     (Link Data) Router Interface address: 172.30.1.4
      Number of MTID metrics: 0
       TOS 0 Metrics: 65535

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 172.30.1.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 65535

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 10.6.48.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1000

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.43.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1000

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 192.168.48.0
     (Link Data) Network Mask: 255.255.255.0
      Number of MTID metrics: 0
       TOS 0 Metrics: 1000

Hub

router ospf 1
 router-id 172.30.1.1
 auto-cost reference-bandwidth 100000
 redistribute bgp 65100 route-map Recursive-Deny-OSPF
 network 10.10.100.1 0.0.0.0 area 0
 network 172.30.1.1 0.0.0.0 area 0
 default-information originate

interface Virtual-Template1 type tunnel
 ip unnumbered Loopback0
 ip nhrp network-id 1
 ip nhrp redirect
 tunnel protection ipsec profile IPSEC_PROFILE
end

interface Loopback0
 description VIRTUAL-TEMPLATE IP ADDRESS FOR FLEX VPN
 ip address 172.30.1.1 255.255.255.0
end

show ip ospf database router 172.30.1.1

            OSPF Router with ID (172.30.1.1) (Process ID 1)

                Router Link States (Area 0)

  LS age: 906
  Options: (No TOS-capability, DC)
  LS Type: Router Links
  Link State ID: 172.30.1.1
  Advertising Router: 172.30.1.1
  LS Seq Number: 800000A7
  Checksum: 0x61CB
  Length: 48
  AS Boundary Router
  Number of Links: 2

    Link connected to: a Stub Network
     (Link ID) Network/subnet number: 172.30.1.1
     (Link Data) Network Mask: 255.255.255.255
      Number of MTID metrics: 0
       TOS 0 Metrics: 1

    Link connected to: another Router (point-to-point)
     (Link ID) Neighboring Router ID: 172.30.1.4
     (Link Data) Router Interface address: 0.0.0.24
      Number of MTID metrics: 0
       TOS 0 Metrics: 65535

Any help is welcome.
01-10-2024 04:36 PM
I forgot to update with the solution. It turns out, I was referencing the wrong name in the redistribution. I was using the prefix-list name instead of the route-map. Once I corrected the error, routes started to appear.
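
The mistake described in this post can be caught before deployment, because IOS accepts a redistribute statement whose route-map name does not exist. The following is an added example, not code from the thread: a small Python check over a saved configuration, run on a constructed sample in which PL-RECURSIVE, RM-RECURSIVE and RM-MISSING are hypothetical names.

```python
import re

# Constructed sample, modelled on the hub's "redistribute bgp 65100 route-map ..."
# line. PL-RECURSIVE, RM-RECURSIVE and RM-MISSING are hypothetical names.
SAMPLE_CONFIG = """\
ip prefix-list PL-RECURSIVE seq 5 deny 172.30.1.0/24 le 32
ip prefix-list PL-RECURSIVE seq 10 permit 0.0.0.0/0 le 32
!
route-map RM-RECURSIVE permit 10
 match ip address prefix-list PL-RECURSIVE
!
router ospf 1
 redistribute bgp 65100 route-map PL-RECURSIVE
 redistribute static route-map RM-MISSING
 default-information originate
"""

REDIST = re.compile(r"^\s+redistribute\s+(.+?)\s+route-map\s+(\S+)")


def check_redistribute_refs(config):
    """Report redistribute statements whose route-map name is not a defined route-map."""
    route_maps = set(re.findall(r"^route-map\s+(\S+)", config, re.M))
    prefix_lists = set(re.findall(r"^ip prefix-list\s+(\S+)", config, re.M))
    findings, section = [], None
    for line in config.splitlines():
        if line and not line[0].isspace():
            section = line.strip()  # an unindented line opens a new section
            continue
        m = REDIST.match(line)
        if not m or m.group(2) in route_maps:
            continue
        name = m.group(2)
        # Prefix-lists and route-maps are separate namespaces on IOS, so a
        # prefix-list name does not satisfy a route-map reference.
        reason = "prefix-list" if name in prefix_lists else "undefined"
        findings.append((section, m.group(1), name, reason))
    return findings


if __name__ == "__main__":
    for section, source, name, reason in check_redistribute_refs(SAMPLE_CONFIG):
        print(f"{section}: redistribute {source} -> route-map {name} ({reason})")
```
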
12-30-2023 03:42 PM
What authz do you use here?
Can I see the config?
MHM
12-30-2023 06:25 PM

crypto ikev2 authorization policy test.local
 route set interface
 route set access-list FLEXVPN_ROUTES

Standard IP access list FLEXVPN_ROUTES
    10 permit any

12-30-2023 03:42 PM
Quick one before I read all the information: is this subnet correct? Is this intentional or a typo? The interface has a /24 address.
network 172.30.1.0 0.0.0.0 area 0
12-30-2023 06:26 PM
That was a typo; it's network 172.30.1.0 0.0.0.255 area 0
12-31-2023 02:49 AM
That was a typo; it's network 172.30.1.0 0.0.0.255 area 0
What is the outcome after the change? Do you still have the issue? Can you post the latest information after the correction is done?
12-31-2023 03:56 AM
OSPF with DMVPN is hard, and with FlexVPN I think it is harder.
Now,
FlexVPN is close to Phase III of DMVPN.
So under the hub virtual-template we use ip nhrp redirect and ip nhrp network-id x.
Under the spoke tunnel we use ip nhrp shortcut virtual and ip nhrp network-id.
For authz we only accept routes, not set any route.
For OSPF we need to change the network type from p2p to broadcast or p2mp on both hub and spoke.
Try the above and share show ip ospf neighbor.
MHM
01-10-2024 04:38 PM
It was difficult because later I wanted to have a backup tunnel to the MPLS redundancy router and I was having loops, but after 3 intense days, and more filtering in the prefix-list, I was able to sort things out. Maybe it's not perfect, but it is working.
01-10-2024 08:27 PM
Share the last config if you can.
MHM