saquib.nawazz Sat, 08/01/2009 - 22:13

The Routing Protcol is OSPF.


All IPSEC GRE Tunnel are terminating on the same Router, where the filter will be applied.


Can get some sample configuration.

Istvan_Rabai Mon, 08/03/2009 - 08:47

Hi Saquib,


With GRE over IPSec tunnels, the Tunnel interface (like Tunnel0 in your example) is used to pass routing protocol updates and traffic.


The Tunnel interface is used very much the same way as a normal interface from routing protocol filtering or summarization point of view.


So do your route filtering as usual, except that filtering or summarization must be configured using the respective Tunnel interface when required by the command you use.


Cheers:

Istvan

saquib.nawazz Tue, 08/04/2009 - 03:03

I am so far not able to search for sample configuration on filtering traffic with IPSEC GRE scenario.


Anyone aware of similar link.

slmansfield Tue, 08/04/2009 - 07:18

If your edge router is an Area Border Router and each tunnel is in a different OSPF area, you can filter type 3 LSAs between areas on the edge router using several techniques, the most flexible of which is the "area x filter-list prefix-name [in | out ]".


http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11at3f.html


If the tunnels are not in distinct OSPF areas, you may want to use a different routing protocol, such as EIGRP, over the tunnels, where you could use distribute-lists on the edge router to filter traffic between the tunnels.


If you need to use OSPF over the WAN, you could set up the OSPF area associated with the WAN as a totally stubby area. Assuming the edge router is an ABR, it will advertise just a default route to the remote sites. The routes advertised to the edge router from the remote sites can be filtered with the "area x filter-list" before they enter the OSPF backbone.


HTH

Actions

This Discussion