This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OSPF (re-) distribute Site-to-Site-VPN

Hello Community, 

I have several XG firewalls (v18-MR5) configured with VPN tunnel interfaces and OSPF. All firewalls see each other via the tunnel interfaces and OSPF routes between the firewalls. This works as I expect it to.


At one firewall in the central office, there are "normal" site-2-site tunnels to other sites. These also work very well in themselves.
I am just missing the approach how to distribute a route to the Site-2-Site tunnels in OSPF. My attempts have all failed so far.

Maybe someone has a tip for me.

Thanks,

Ben



This thread was automatically locked due to age.
Parents
  • Thats currently not possible, as Policy based Tunnels are not "normal routes". Hence they cannot be distributed via OSPF: 

    This is on the roadmap for a future release. You could move to Route based VPN, as this is a static routing etc. 

    __________________________________________________________________________________________________________________

  • Hello LuCar Toni,


    When is it planned to implement this feature? 

    At the moment we have an XG firewall on which the route-based VPN tunnels are terminated and on another SG firewall the "classic" policy-based VPN tunnels to other SG, XG and third-party firewalls are terminated. In this setup I simply set a static route on the XG towards the SG and distribute it via OSPF. If old and new are to run on one firewall, I need a way to distribute the policy-based VPN routes via OSPF.
    If I understood you correctly, my only chance is to (temporarily) say goodbye to OSPF and put static routes on the firewalls. The other option would be to have the setup split between 2 firewalls as described above.

    Ben

    If a post solves your question please use the 'Verify Answer' button.

  • Move your IPsec Connection to RED site to site. This will resolve this limitation. 

    __________________________________________________________________________________________________________________

Reply Children