Configuring Site-to-Site VPN over OSPF using Command Line
03/26/2020 761 People found this article helpful 473,700 Views
Description
Configuring Site-to-Site VPN over OSPF using Command Line
Resolution
Feature/Application:
OBJECTIVE: Configuring site-to-site VPN over OSPF. The routing protocols can you used carry the traffic across the VPN and will provide seem less inter connectivity from one site to another seamlessly.
WHY SHOULD WE CONFIGURE SITE-TO-SITE VPN OVER OSPF?
OSPF over VPN is required if we are running OSPF inside our network and we need to extend the OSPF network to the other end of the site as well.
By configuring the OSPF over VPN dynamically the sites can be added to route the VPN traffic.
Procedure:
Provide detailed instructions; for example:
Step 1: VPN CONFIGURATION IN COMMAND-LINE:
SITE-A CONFIGUARTION | SITE-B CONFIGURATION |
vpn policy tunnel-interface SiteATOSiteB enable gateway primary 1.1.1.1 auth-method shared-secret shared-secret XXXXXXXXXXXXXXXXXX exit proposal ike exchange main proposal ike encryption triple-des proposal ike authentication sha1 proposal ike dh-group 2 proposal ike lifetime 28800 proposal ipsec protocol esp proposal ipsec encryption triple-des proposal ipsec authentication sha1 proposal ipsec dh-group none proposal ipsec lifetime 28800 keep-alive bound-to interface X1 allow-advanced-routing no transport-mode exit | vpn policy tunnel-interface SiteBTOSiteA enable gateway primary 1.1.1.2 auth-method shared-secret shared-secret XXXXXXXXXXXXXXXXXX exit proposal ike exchange main proposal ike encryption triple-des proposal ike authentication sha1 proposal ike dh-group 2 proposal ike lifetime 28800 proposal ipsec protocol esp proposal ipsec encryption triple-des proposal ipsec authentication sha1 proposal ipsec dh-group none proposal ipsec lifetime 28800 keep-alive bound-to interface X1 allow-advanced-routing no transport-mode exit |
Step 2: CONFIGURING OSPF OVER VPN:
SITE-A CONFIGUARTION | SITE-B CONFIGURATION |
router ospf ospf router-id 1.1.1.1 network 1.1.1.0/24 area 0 default-metric 10 ! end | router ospf ospf router-id 1.1.1.1 network 1.1.1.0/24 area 0 default-metric 10 ! end |
Step 3: VERIFICATION:
�1. When configuring OSPF please make sure the MTU value is configured correctly on the interface or else the OSPF neighbor negotiation will be stuck in 2-way and the OSPF neighbor ship will never reach FULL state.
2.�The MTU value can be ignored on the SonicWall by setting the ip ospf mtu-ignore.
SITE-A CONFIGUARTION | SITE-B CONFIGURATION |
interface TI: SiteATOSiteB ip ospf network point-to-point ip ospf mtu 1500 OR ip ospf mtu-ignore | interface TI: SiteATOSiteB ip ospf network point-to-point ip ospf mtu 1500 OR ip ospf mtu-ignore |
Related Articles
Categories
Was This Article Helpful?
YESNO