Configuring BGP in a FlexVPN network
Alexandr V Sidorov
Registered: 01 Jul 2019, 10:35 Posts: 33
Greetings! Please help with the following problem: Hub-Spoke is configured.

HUB:

!
redundancy
!
crypto ikev2 proposal FLEX-VPN-Proposal
 encryption aes-cbc-256
 integrity sha256
 group 20
!
crypto ikev2 policy FlexVPN
 match fvrf any
 proposal FLEX-VPN-Proposal
!
crypto ikev2 keyring KEYRING
 peer FLEXVPN
  address 0.0.0.0 0.0.0.0
  identity address 0.0.0.0
  pre-shared-key local CnhtktwF*
  pre-shared-key remote CnhtktwF*
 !
!
crypto ikev2 profile IKEV2-PROFILE
 match identity remote fqdn domain sberlogistica.ru
 identity local fqdn R1-COD.sberlogistica.ru
 authentication remote pre-share
 authentication local pre-share
 keyring local KEYRING
 virtual-template 1
!
crypto ipsec transform-set FLEX esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile FlexVPN2
 set transform-set FLEX
 set pfs group19
 set ikev2-profile IKEV2-PROFILE
!
interface Loopback2
 description For FlexVPN
 ip address 172.18.100.1 255.255.255.255
!
interface GigabitEthernet1
 description ISP1
 ip address 82.151.100.2 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 description ISP2
 ip address 72.151.100.2 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback2
 ip nhrp network-id 100
 ip nhrp redirect
 tunnel protection ipsec profile FlexVPN2
!
router bgp 65001
 bgp log-neighbor-changes
 bgp listen range 172.18.100.0/24 peer-group SPOKE
 neighbor SPOKE peer-group
 neighbor SPOKE remote-as 65002
 neighbor SPOKE update-source Loopback2
 neighbor SPOKE timers 1 3
 !
 address-family ipv4
  neighbor SPOKE activate
 exit-address-family
!

SPOKE:

redundancy
!
crypto ikev2 proposal FLEX-VPN-Proposal
 encryption aes-cbc-256
 integrity sha256
 group 20
!
crypto ikev2 policy FlexVPN
 match fvrf any
 proposal FLEX-VPN-Proposal
!
crypto ikev2 keyring KEYRING
 peer FLEXVPN
  address 0.0.0.0 0.0.0.0
  identity address 0.0.0.0
  pre-shared-key local CnhtktwF*
  pre-shared-key remote CnhtktwF*
 !
!
crypto ikev2 profile IKEV2-PROFILE
 match identity remote fqdn domain sberlogistica.ru
 identity local fqdn Office-C.sberlogistica.ru
 authentication remote pre-share
 authentication local pre-share
 keyring local KEYRING
 virtual-template 1
!
crypto ikev2 client flexvpn toDC
 peer 1 82.151.100.2 track 52
 peer 2 72.151.100.2 track 57
 peer 3 82.151.100.6 track 60
 peer 4 72.151.100.6 track 63
 peer reactivate
 source 1 GigabitEthernet1 track 100
 source 2 GigabitEthernet2 track 200
 client connect Tunnel0
!
crypto ipsec transform-set FLEX esp-aes 256 esp-sha256-hmac
 mode tunnel
!
crypto ipsec profile FlexVPN2
 set transform-set FLEX
 set pfs group19
 set ikev2-profile IKEV2-PROFILE
!
interface Loopback2
 description For FlexVPN
 ip address 172.18.100.3 255.255.255.255
!
interface Tunnel0
 description to COD
 ip unnumbered Loopback2
 ip nhrp network-id 100
 ip nhrp shortcut virtual-template 1
 ip nhrp redirect
 tunnel source dynamic
 tunnel destination dynamic
 tunnel path-mtu-discovery
 tunnel protection ipsec profile FlexVPN2
!
interface GigabitEthernet1
 description ISP1
 ip address 92.151.100.10 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface GigabitEthernet2
 description ISP2
 ip address 100.151.100.10 255.255.255.252
 negotiation auto
 no mop enabled
 no mop sysid
!
interface Virtual-Template1 type tunnel
 ip unnumbered Loopback2
 ip nhrp network-id 100
 ip nhrp shortcut virtual-template 1
 tunnel protection ipsec profile FlexVPN2
!
router bgp 65002
 bgp log-neighbor-changes
 neighbor 172.18.100.1 remote-as 65001
 neighbor 172.18.100.1 update-source Loopback2
 neighbor 172.18.100.1 timers 1 3
 !
 address-family ipv4
  neighbor 172.18.100.1 activate
 exit-address-family
!

Office-C#sh crypto session
Crypto session current status

Interface: Tunnel0
Profile: IKEV2-PROFILE
Session status: UP-ACTIVE
Peer: 82.151.100.2 port 500
  Session ID: 2
  IKEv2 SA: local 92.151.100.10/500 remote 82.151.100.2/500 Active
  IPSEC FLOW: permit 47 host 92.151.100.10 host 82.151.100.2
        Active SAs: 2, origin: crypto map

But after the tunnel comes up, the Loopback interfaces of the HUB and SPOKE and, accordingly, there is no way to bring up BGP.
20 Oct 2020, 14:48