
Routing Protocols and IPSEC

mahesh18
Level 6

Hi Everyone,

I read that IPsec does not support routing protocols with site-to-site VPN, as they both are Layer 4.

Does it mean that if Site A has to reach Site B over a WAN link, we should use static IP on the Site A and Site B routers?

In my home lab I configured a site-to-site IPsec VPN and it is working fine using OSPF. Does this mean that IPsec supports routing protocols?

Can someone explain this to me, please?

Thanks

Mahesh

Accepted Solutions

Marcin Latosiewicz
Cisco Employee

There is no problem with routing protocols over IPsec; there are limitations in some implementations.

Our old (legacy, but still popular) crypto maps were one such implementation.

What you need to remember is that to pass (most) routing protocols over IPsec you need to make sure multicast is allowed through, i.e. your traffic selectors need to be extended. Another thing is that some of those protocols perform a check whether hellos were received from a connected subnet, etc. Obviously it's not a problem with BGP (or most problems can be easily overcome).

With new implementations - on the Cisco side, using tunnel protection - we can run routing protocols over IPsec with very few restrictions.

M.
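The traffic-selector point in the answer above, as an added example that is not part of the original posts: a small Python model checks which packets a set of selectors would send into the tunnel. All addresses and the three selector sets are constructed; the any-to-any set is an assumption standing in for a tunnel-interface setup, and the model covers selector matching only, not the connected-subnet check on hellos.

```python
import ipaddress
from typing import NamedTuple, Optional, Sequence


class Selector(NamedTuple):
    """One IPsec traffic selector (crypto ACL entry)."""
    proto: Optional[int]  # IP protocol number; None means "any"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR


class Packet(NamedTuple):
    proto: int
    src: str
    dst: str


def is_protected(pkt: Packet, selectors: Sequence[Selector]) -> bool:
    """Return True if the packet matches a selector and would enter the tunnel."""
    for sel in selectors:
        if sel.proto is not None and sel.proto != pkt.proto:
            continue
        if (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(sel.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(sel.dst)):
            return True
    return False


# Constructed selector sets (all addresses are sample values).
LAN_TO_LAN = [Selector(None, "10.1.0.0/16", "10.2.0.0/16")]
EXTENDED = LAN_TO_LAN + [Selector(89, "192.0.2.1/32", "224.0.0.5/32")]
ANY_TO_ANY = [Selector(None, "0.0.0.0/0", "0.0.0.0/0")]

# Constructed packets.
OSPF_HELLO = Packet(89, "192.0.2.1", "224.0.0.5")  # multicast to AllSPFRouters
BGP_SEGMENT = Packet(6, "10.1.0.1", "10.2.0.1")    # unicast TCP between peers
USER_DATA = Packet(6, "10.1.5.20", "10.2.7.30")


def coverage() -> dict:
    """Map each sample packet to the selector sets that would protect it."""
    sets = {"lan_to_lan": LAN_TO_LAN, "extended": EXTENDED, "any_to_any": ANY_TO_ANY}
    pkts = {"ospf_hello": OSPF_HELLO, "bgp": BGP_SEGMENT, "user_data": USER_DATA}
    return {p: [n for n, s in sets.items() if is_protected(pkt, s)]
            for p, pkt in pkts.items()}


if __name__ == "__main__":
    for name, hits in coverage().items():
        print(f"{name:11} protected by: {', '.join(hits) or 'nothing'}")
```

The OSPF hello matches nothing in the LAN-to-LAN set, while the unicast BGP segment and user data do; only the extended or any-to-any sets carry the hello.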

Hi Marcin,

Thanks for the reply.

Regards

Mahesh