This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

BGP: Routes are not announced (SSL-VPN, remote IPsec network)

Hi,

I have the the following setup:

Office FW (10.1.0.0/24) <==Policy based ipsec==> DC FW (LAN: 10.2.0.0/24; SSL-VPN: 10.3.0.0/24) <==Route based ipsec==> Partner FW (172.20.32.0/24)

I try to announce the routes for the office (10.1.0.0/24), the LAN (10.2.0.0/24) and the local ssl-vpn (10.3.0.0/24) via bgp to the partner.

The LAN gets announced correctly, but the office and ssl-vpn network are not announced.

bgp> show ip bgp 10.3.0.0
BGP routing table entry for 10.3.0.0/24, version 0
Paths: (1 available, no best path)
Not advertised to any peer
Local
0.0.0.0 (inaccessible) from 0.0.0.0 (1.1.1.1)
Origin IGP, metric 0, weight 32768, invalid, sourced, local
Last update: Thu Mar 30 11:36:31 2023

How can I add the office lan and the ssl-vpn to the bgp daemon as local networks?

Cheers

This thread was automatically locked due to age.

Parents

0 Raphael Alganes over 1 year ago

Hello there,

Thanks for reaching out to Sophos Community and hope you are well.

Was this previously working before or a new configuration? If this was working before, are there any network changes/maintenance before the issue occurred?

Was BGP configured as per this KBA: https://support.sophos.com/support/s/article/KB-000038375?language=en_US&name=KB-000038375

Also, May we check what zones you enabled "Dynamic Routing" bunder SYSTEM, Administration > Device access?

Many thanks for your time and patience and thank you for choosing Sophos.

Cheers,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Cancel
0 Alie2n over 1 year ago in reply to Raphael Alganes

Hi Raphael,

thank your for your response.

This is a new configuration. The local LAN route is announced successfully to the peer, but the non local route (office) and local openvpn route is not announced. I think this is because these do not show up in the local routing table.

I hope that there is a some kind of "force announce" which I found for various other products.

Cheers,

Nicki
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Alie2n over 1 year ago in reply to Raphael Alganes

Hi Raphael,

thank your for your response.

This is a new configuration. The local LAN route is announced successfully to the peer, but the non local route (office) and local openvpn route is not announced. I think this is because these do not show up in the local routing table.

I hope that there is a some kind of "force announce" which I found for various other products.

Cheers,

Nicki
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data