OSPF over IPsec – Amer Networks E5Web GUI User Manual

and those interfaces are configured with OSPF Router Process objects, OSPF will begin
exchanging routing information.

Confirming OSPF Deployment

It is now possible to check that OSPF is operating and that routing information is exchanged.

This can be done by examining the routing tables. Routes that have been imported into the
routing tables through OSPF are indicated with the letter "O" to the left of the route description.
For example, the routes command might give the following output:

Device:/> routes

Flags Network         Iface       Gateway         Local IP   Metric
----- --------------- ----------- --------------- ---------- ------
      192.168.1.0/24  lan                                    0
      172.16.0.0/16   wan                                    0
O     192.168.2.0/24  wan         172.16.2.1                 1

Here, the route for 192.168.2.0/24 has been imported via OSPF and that network can be found on
the WAN interface with the gateway of 172.16.2.1. The gateway in this case is of course the
Clavister Security Gateway to which the traffic should be sent. That security gateway may or may
not be attached to the destination network but OSPF has determined that that is the optimum
route to reach it.

The CLI command ospf can also be used to indicate OSPF status. The options for this command
are fully described in the CLI Reference Guide.
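
The check described above can be scripted when the routes output is captured to a file. The following is an added example, not code from the manual or the product: it parses the routes listing and reports OSPF-imported routes that use an interface outside an approved set. The column widths of the sample, the interface name ipsec_tunnel, and the idea that routes learned over a tunnel list that tunnel in the Iface column are assumptions.

```python
import ipaddress
import re

# Constructed sample: the three routes from the manual's example, laid out in
# fixed-width columns. The exact column widths are an assumption.
WIDTHS = (5, 15, 11, 15, 10, 6)

def _row(*cells):
    return " ".join(c.ljust(w) for c, w in zip(cells, WIDTHS)).rstrip()

SAMPLE = "\n".join([
    "Device:/> routes",
    "",
    _row("Flags", "Network", "Iface", "Gateway", "Local IP", "Metric"),
    _row(*("-" * w for w in WIDTHS)),
    _row("", "192.168.1.0/24", "lan", "", "", "0"),
    _row("", "172.16.0.0/16", "wan", "", "", "0"),
    _row("O", "192.168.2.0/24", "wan", "172.16.2.1", "", "1"),
])

def parse_routes(text):
    """Slice rows by the dashed separator's column spans, so empty cells
    (no flag, no gateway) cannot shift later fields."""
    lines = text.splitlines()
    sep = next(i for i, l in enumerate(lines)
               if l.strip() and set(l) <= {"-", " "})
    spans = [m.span() for m in re.finditer(r"-+", lines[sep])]
    names = [lines[sep - 1][a:b].strip() for a, b in spans]
    routes = []
    for line in lines[sep + 1:]:
        if not line.strip():
            continue
        r = dict(zip(names, (line[a:b].strip() for a, b in spans)))
        r["Network"] = ipaddress.ip_network(r["Network"])
        r["Gateway"] = ipaddress.ip_address(r["Gateway"]) if r["Gateway"] else None
        routes.append(r)
    return routes

def ospf_routes_off_allowed_ifaces(routes, allowed_ifaces):
    """Return OSPF-imported routes (flag "O") whose interface is not approved."""
    return [r for r in routes
            if "O" in r["Flags"] and r["Iface"] not in allowed_ifaces]

if __name__ == "__main__":
    # "ipsec_tunnel" is a hypothetical interface name used for illustration.
    for r in ospf_routes_off_allowed_ifaces(parse_routes(SAMPLE), {"ipsec_tunnel"}):
        print("unexpected OSPF route:", r["Network"], "via", r["Iface"], r["Gateway"])
```

With the sample above, the 192.168.2.0/24 route is reported when only ipsec_tunnel is approved, and nothing is reported when wan is approved.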

Sending OSPF Traffic Through a VPN Tunnel

In some cases, the link between two Clavister Security Gateways which are configured with OSPF
Router Process objects may be insecure, for example when it runs over the public Internet.

In this case, we can secure the link by setting up a VPN tunnel between the two security
gateways and telling OSPF to use this tunnel for exchange of OSPF information. Next, we will
look at how to set this up and assume that IPsec will be the chosen method for implementing the
tunnel.

Figure 4.18. OSPF Over IPsec

To create this setup we need to perform the normal OSPF steps described above but with the
following additional steps:

1. Set up an IPsec tunnel

First set up an IPsec tunnel in the normal way between the two security gateways A and B. The
IPsec setup options are explained in Section 9.2, “VPN Quick Start”.

This IPsec tunnel is now treated like any other interface when configuring OSPF in cOS Core.

Chapter 4: Routing
