Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
2
Replies

AWS <> Cisco IPSec configuration

Go to solution
AvdVyver
Level 1
Level 1

‎01-12-2018 05:05 AM - edited ‎03-05-2019 09:44 AM

Hi,

I have a few IPSec tunnels between my Cisco router and my Amazon AWS VPCs (using the AWS VPC VPN functionality). I have always just downloaded the suggested configuration from the AWS VPN for Cisco and modified it for my router. I am no Cisco expert and I was wondering why the neighbor statements appear under both the "router bgp" section as well as the "address-family"? Is there a specific reason for this? Or is it possible for the neighbor statements only to appear once under the address-family section?   

 

router bgp 65000
  neighbor 169.254.0.1 remote-as 7224
  neighbor 169.254.0.1 activate
  neighbor 169.254.0.1 timers 10 30 30
  address-family ipv4 unicast
    neighbor 169.254.0.1 remote-as 7224
    neighbor 169.254.0.1 timers 10 30 30
    neighbor 169.254.0.1 activate
    neighbor 169.254.0.1 soft-reconfiguration inbound

 

Thanks!

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-12-2018 06:17 AM

Hi
its a newer style of BGP called MBGP which has extensions , the BGP process can be broken down into multiple different sections , they need to be in both sections the neighbor statements anyway but you shouldn't need to activate it under main area but only under ipv4 section
neighbor 169.254.0.1 activate

so we have the same setup but we also use  address-family ipv4 vrf xxx for iwan and ISPs will also have another section for there PE -PE communication address-family vpnv4 unicast

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfmbgp.html

probably the best explanation ive seen it described anyway from Peter in another post below


https://supportforums.cisco.com/t5/wan-routing-and-switching/when-to-use-bgp-address-family/td-p/1927840

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Mark Malone
VIP Alumni
VIP Alumni

‎01-12-2018 06:17 AM

Hi
its a newer style of BGP called MBGP which has extensions , the BGP process can be broken down into multiple different sections , they need to be in both sections the neighbor statements anyway but you shouldn't need to activate it under main area but only under ipv4 section
neighbor 169.254.0.1 activate

so we have the same setup but we also use  address-family ipv4 vrf xxx for iwan and ISPs will also have another section for there PE -PE communication address-family vpnv4 unicast

https://www.cisco.com/c/en/us/td/docs/ios/12_2/iproute/command/reference/fiprrp_r/1rfmbgp.html

probably the best explanation ive seen it described anyway from Peter in another post below


https://supportforums.cisco.com/t5/wan-routing-and-switching/when-to-use-bgp-address-family/td-p/1927840

0 Helpful

Go to solution
AvdVyver
Level 1
Level 1
In response to Mark Malone

‎01-14-2018 11:09 PM

Thanks a lot for the clarification Mark!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card