Thread Info
  • State Verified Answer
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 1801 views
  • Users 0 members are here
Options
Suggested

OSPF Configuration

Doug Watson

Is the configuration for OSPF over the new Central SD-WAN VPN's the same as previous configurations  as per the links below? Do we still need GRE Tunnels?

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/122682/sophos-xg-firewall-how-to-configure-ospf-over-rbvpn

https://support.sophos.com/support/s/article/KB-000038014?language=en_US

Parents
  • FormerMember
    +1 FormerMember

    Hey Doug,

    No, We don't need GRE anymore. Central SD-WAN VPN orchestration adds Route-Based VPN tunnels on each end, Custom gateways, and SD-WAN policy routes.

    RB IPSec supports multicast traffic over the tunnel. Earlier we needed GRE because Policy-Based IPSec doesn't support multicast over the tunnel which OSPF uses to share route updates(LSAs).

    Ensure to enable 'Dynamic Routing' on the VPN zone [Administration > Device Access] if you configure. ;) 

Reply
  • FormerMember
    +1 FormerMember

    Hey Doug,

    No, We don't need GRE anymore. Central SD-WAN VPN orchestration adds Route-Based VPN tunnels on each end, Custom gateways, and SD-WAN policy routes.

    RB IPSec supports multicast traffic over the tunnel. Earlier we needed GRE because Policy-Based IPSec doesn't support multicast over the tunnel which OSPF uses to share route updates(LSAs).

    Ensure to enable 'Dynamic Routing' on the VPN zone [Administration > Device Access] if you configure. ;) 

Children
No Data
Unfiltered HTML