Configuring Site-to-Site VPN over OSPF using Command Line

Description

Configuring Site-to-Site VPN over OSPF using Command Line

Resolution

Feature/Application:

 

OBJECTIVE: Configuring site-to-site VPN over OSPF. Routing protocols can be used to carry traffic across the VPN and provide seamless interconnectivity from one site to another.

WHY SHOULD WE CONFIGURE SITE-TO-SITE VPN OVER OSPF?

OSPF over VPN is required if we are running OSPF inside our network and we need to extend the OSPF network to the other end of the site as well.

By configuring OSPF over VPN, sites can be added dynamically to route the VPN traffic.


Procedure:


Step 1: VPN CONFIGURATION IN COMMAND-LINE:
 

SITE-A CONFIGURATION

vpn policy tunnel-interface SiteATOSiteB
enable
gateway primary 1.1.1.1

auth-method shared-secret
shared-secret XXXXXXXXXXXXXXXXXX
exit

proposal ike exchange main

proposal ike encryption triple-des
proposal ike authentication sha1
proposal ike dh-group 2
proposal ike lifetime 28800

proposal ipsec protocol esp
proposal ipsec encryption triple-des
proposal ipsec authentication sha1
proposal ipsec dh-group none
proposal ipsec lifetime 28800
keep-alive

bound-to interface X1
allow-advanced-routing
no transport-mode
exit

SITE-B CONFIGURATION

vpn policy tunnel-interface SiteBTOSiteA
enable
gateway primary 1.1.1.2

auth-method shared-secret
shared-secret XXXXXXXXXXXXXXXXXX
exit

proposal ike exchange main

proposal ike encryption triple-des
proposal ike authentication sha1
proposal ike dh-group 2
proposal ike lifetime 28800

proposal ipsec protocol esp
proposal ipsec encryption triple-des
proposal ipsec authentication sha1
proposal ipsec dh-group none
proposal ipsec lifetime 28800
keep-alive

bound-to interface X1
allow-advanced-routing
no transport-mode
exit
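The proposals in Step 1 (3DES, SHA-1, DH group 2, no DH group for phase 2) are legacy choices that a configuration review should flag. The following is an added example, not part of the original article or of SonicWall's tooling: a small Python check that parses the `proposal` lines of a tunnel policy in the format shown above. The function name `audit_policy` and the rule table are assumptions made for illustration, and the sample input is the Site-A policy from this page, abridged.

```python
import re

# Constructed sample: the Site-A tunnel policy from Step 1 (abridged, secret masked).
SITE_A_POLICY = """\
vpn policy tunnel-interface SiteATOSiteB
gateway primary 1.1.1.1
auth-method shared-secret
shared-secret XXXXXXXXXXXXXXXXXX
exit
proposal ike exchange main
proposal ike encryption triple-des
proposal ike authentication sha1
proposal ike dh-group 2
proposal ike lifetime 28800
proposal ipsec protocol esp
proposal ipsec encryption triple-des
proposal ipsec authentication sha1
proposal ipsec dh-group none
proposal ipsec lifetime 28800
allow-advanced-routing
no transport-mode
exit
"""

# (setting, value) -> reason. Only values that appear on this page are listed.
WEAK = {
    ("encryption", "triple-des"): "3DES is a legacy 64-bit block cipher",
    ("authentication", "sha1"): "SHA-1 is a legacy hash; prefer a SHA-2 hash",
    ("dh-group", "2"): "DH group 2 is a 1024-bit MODP group",
    ("dh-group", "none"): "no DH exchange in phase 2 means no forward secrecy",
}
PROPOSAL = re.compile(r"^proposal\s+(ike|ipsec)\s+(\S+)\s+(\S+)$")

def audit_policy(text):
    """Return (policy, phase, setting, value, reason) for each weak proposal line."""
    findings, policy = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("vpn policy "):
            policy = line.split()[-1]  # remember which policy the lines belong to
        m = PROPOSAL.match(line)
        if m and (m.group(2), m.group(3).lower()) in WEAK:
            phase, setting, value = m.groups()
            findings.append((policy, phase, setting, value, WEAK[(setting, value.lower())]))
    return findings

if __name__ == "__main__":
    for finding in audit_policy(SITE_A_POLICY):
        print(finding)
```

Run against both sites' policies; the two ends must still agree on every proposal after any change, or the tunnel will not negotiate.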


Step 2: CONFIGURING OSPF OVER VPN:
 

SITE-A CONFIGURATION

router ospf
 ospf router-id 1.1.1.1
 network 1.1.1.0/24 area 0
 default-metric 10
!
end

SITE-B CONFIGURATION

router ospf
 ospf router-id 1.1.1.1
 network 1.1.1.0/24 area 0
 default-metric 10
!
end


Step 3: VERIFICATION:

1. When configuring OSPF, make sure the MTU value is configured correctly on the interface; otherwise the OSPF neighbor negotiation will be stuck in 2-way and the OSPF neighborship will never reach FULL state.

2. The MTU value can be ignored on the SonicWall by setting ip ospf mtu-ignore.

 

SITE-A CONFIGURATION

interface TI: SiteATOSiteB
 ip ospf network point-to-point

 ip ospf mtu 1500
   OR
 ip ospf mtu-ignore

SITE-B CONFIGURATION

interface TI: SiteATOSiteB
 ip ospf network point-to-point

 ip ospf mtu 1500
   OR
 ip ospf mtu-ignore

 
