Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
815
Views
9
Helpful
5
Replies

OSPF through non-cisco ipsec

apaxson
Level 1
Level 1

‎09-27-2006 04:41 AM - edited ‎03-03-2019 02:08 PM

I have a VPN tunnel setup between a Watchguard Firebox and a Cisco ASA (7.1).

Since IPSec won't allow multicast traffic, how do I get the routers on the ASA side populated via OSPF?

I added the route to an OSPF router, but since it's a link-state protocol, it doesn't watch the routing table (correct?).

I do have a 1710 on the Watchguard side, but am unsure how to set it up not to multicast.

Also, since the VPN tunnel won't stay up until it sees interesting traffic, won't OSPF remove the route?

Has anyone had to deal with this kind of setup? Any advice is appreciated.

Thanks in advance!

Aaron

Labels:
0 Helpful
5 Replies 5

apaxson
Level 1
Level 1
In response to ariela

‎09-28-2006 08:09 PM

Hi Andrea,

Thanks for the link. Unfortunately, I've already scoured that doc. It assumes PIX on each side, since Cisco placed, in it's bag of tricks, workarounds for OSPF in the PIX.

Since one side is a Watchguard, I'm having a little trouble.

I'm pondering about building a GRE tunnel from the 1710 on the Watchguard side, to a 4510 on the PIX side, using the IPSec tunnel merely as a transport.

Anybody think that will work?

~~Aaron

0 Helpful

jackyoung
Level 6
Level 6
In response to apaxson

‎09-28-2006 09:59 PM

The doc. should fix the problem, it was because the router is ourside the firewall and not the termination points of the VPN. You simple build the GRE between two routers, ensure the traffic of the GRE tunnel will pass via IPSEC tunnel, and enable the OSPF (or other routing protocol or application) in the GRE tunnel. Then it will be no problem.

The routers just treat the connection to the firewall is a path to remote side.

However, if you want to use router for the IPSEC tunnel at the same time, it should work too but it is more complicated and difficult to troubleshoot. And you already have the IPSEC at firewall, so just keep it and modify the router is simplier.

Hope this helps.

apaxson
Level 1
Level 1
In response to jackyoung

‎09-29-2006 02:25 PM

You are right. The doc I was talking about, was two ASA's side-by-side with an IPSec tunnel. Cisco has the ASA's doing something different, so I wouldn't have to build a GRE tunnel.

Looking over it again, was the right doc. Thanks for making me take a second look!

cheers!

~~Aaron

0 Helpful

jackyoung
Level 6
Level 6
In response to apaxson

‎10-02-2006 05:14 PM

It is good that it suits for you, please feel free to let us know the result after you tested it. :)

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card