05-14-2018 08:48 AM - edited 03-08-2019 03:00 PM
Dear All,
Do not worked (backup channel) a "ospf" for ipsec.
No ping from the ip 192.168.10.2 at the ip 192.168.20.3
my file file_for_cisco_packet_tracer
What is it problem?
Solved! Go to Solution.
05-14-2018 09:34 AM - edited 05-14-2018 09:42 AM
For start IPsec does not support multicast, which is configured in configuration. OSPF traffic should be placed in GRE tunnel first and then IPsec could encrypt GRE traffic (if neighbors are to be discovered dynamically, as it is configured).
05-14-2018 02:19 PM
You can find configuration example and explanation - Point-to-Point GRE over IPsec Design and Implementation.
There are other potential solutions (I did not test this one, but it should work) for example, OSPF neighbors can be configured with neighbor command in which case OSPF routers will forward unicast traffic instead of multicast even for hello packets, but I am not sure if that is configurable in packet tracer (maybe it is if serial interfaces are in use on WAN interfaces). There are other potential solutions, for example, IPsec VTI also supports multicast traffic.
05-14-2018 09:34 AM - edited 05-14-2018 09:42 AM
For start IPsec does not support multicast, which is configured in configuration. OSPF traffic should be placed in GRE tunnel first and then IPsec could encrypt GRE traffic (if neighbors are to be discovered dynamically, as it is configured).
05-14-2018 09:54 AM - edited 05-14-2018 10:24 AM
How will add ospf traffic in gre tunnel? Or Do you can offer other solution?
05-14-2018 02:19 PM
You can find configuration example and explanation - Point-to-Point GRE over IPsec Design and Implementation.
There are other potential solutions (I did not test this one, but it should work) for example, OSPF neighbors can be configured with neighbor command in which case OSPF routers will forward unicast traffic instead of multicast even for hello packets, but I am not sure if that is configurable in packet tracer (maybe it is if serial interfaces are in use on WAN interfaces). There are other potential solutions, for example, IPsec VTI also supports multicast traffic.
05-15-2018 03:45 AM - edited 05-15-2018 03:48 AM
My case
Configuring a Negotiated L2TPv3 Session for an Xconnect VLAN Subinterface: Example
https://www.cisco.com/c/en/us/td/docs/ios/12_0s/feature/guide/l2tpv30s.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide