This is an exercise in learning, and I'm getting stuck on the OSPF/Routing piece.
What I am wanting to do is build a Lan-to-Lan VPN network between a 2811 and a 3005. Once that is done, inner routers at each site will run OSPF and should populate routes between the sites.
I have built the VPN Lan-to-Lan successfully, but I am not able to get the Inner Routers to build neighbor relationships. Likely, I am missing something fundamental.
The outer/gateway/vpn devices at each site (2800 and 3005) are not participating in OSPF. I have configured the near and far side networks on each VPN device and have full connectivity between all clients at both sites. My challenge is to get the gateway devices to forward the OSPF Multicasts to the far side network and delivered to the Inner Router.
I understand that the Neighbor Relationship is built with Hello Messages between routers that share a common segment. I assumed that the VPN tunnel between sites would simulate this "common segment" function by identifying the multicast traffic as "interesting" and thus forward the multicast to the far end. To get to this, I used an access list to identify the source networks and then identified the destination as 220.127.116.11 0.0.0.0, thinking that the local VPN device would see the multicast communication from the Inner Router and encapsulate it for passage to the far end. Once arriving, the far end would un-encapsulate it and deliver it to the inside interface where the far end Inner Router would receive the multicast Hello message.
IPSEC does not encrypt Multicast Traffic. So, the tunnel between the VPN3000 and Router will not encrypt the OSPF Multicast packets and hence no OSPF Neighbor/Adjacency/Routing. Your best option with the above setup is to configure a GRE Tunnel between the two routers behind the VPN3000 and VPN Router and then configure OSPF across the GRE Tunnel. Since OSPF Multicast packets are encapsulated into GRE and the VPN3000 sees the GRE packet only and not the MC Packets within GRE, the VPN3000 will encrypt the packets and send them across.
Refer to the URL below; this is actually for a PIX, but the concept is the same.
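A sketch of the GRE-plus-OSPF setup suggested in the reply above, as an added example that is not part of the original thread. It assumes both inner routers run Cisco IOS and each has an interface on its gateway's inside network; every address, the tunnel number, and the OSPF process and area numbers are constructed placeholders.

```cisco
! Constructed example: addresses, Tunnel0, OSPF process 1 and area 0 are placeholders.
! ---- Inner Router A (site behind the 2811): inside 10.1.1.2, gateway 10.1.1.1 ----
interface Tunnel0
 description GRE to Inner Router B (unicast, carried inside the existing IPsec tunnel)
 ip address 172.16.255.1 255.255.255.252
 ! Leave room for GRE + IPsec overhead; must match on both ends or OSPF stalls in ExStart
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.1.1.2
 tunnel destination 10.2.1.2
!
! Pin the far tunnel endpoint to the VPN gateway so it is never learned via the tunnel
! itself (avoids recursive routing and a flapping tunnel once OSPF converges)
ip route 10.2.1.2 255.255.255.255 10.1.1.1
!
router ospf 1
 ! Run OSPF on the tunnel and on the site LANs, not on the segment facing the gateway
 network 172.16.255.0 0.0.0.3 area 0
 network 10.1.10.0 0.0.0.255 area 0
!
! ---- Inner Router B (site behind the 3005): inside 10.2.1.2, gateway 10.2.1.1 ----
interface Tunnel0
 description GRE to Inner Router A
 ip address 172.16.255.2 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 10.2.1.2
 tunnel destination 10.1.1.2
!
ip route 10.1.1.2 255.255.255.255 10.2.1.1
!
router ospf 1
 network 172.16.255.0 0.0.0.3 area 0
 network 10.2.10.0 0.0.0.255 area 0
```

The gateways only ever see unicast GRE (IP protocol 47) between the two tunnel endpoints, so the LAN-to-LAN policy must cover that host pair. `show ip ospf neighbor` on either inner router should then list the peer across Tunnel0.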