
MS Azure - IPSec Tunnel (S2S) with BGP Routing

Hi,

I am trying to configure the following scenario.

Azure:

- Virtual LAN (10.200.0.0/24) with Virtual Network Gateway (10.200.1.254 with the LAN 10.200.1.0/24)

- VPN S2S connection with PSK

- BGP ASN 65515

 

XG

- LAN (192.168.97.0/24)

- WAN (PPPoE with dynamic IP)

- BGP ASN 65530

 

I've set up the IPSec IKEv2 connection between the on-premises XG and the Azure GW successfully. BGP is configured on both sides. In the Azure documentation, I found that EBGP with multihop must be configured on the XG device.

 

How can I turn that feature on to get BGP going?

 

 

Kind regards,

Bastian

 

P.S.: Link to MS documentation https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/vpn-gateway/vpn-gateway-activeactive-rm-powershell.md



  • I see this is an old thread, not sure if anybody has since found the answer?

  • I have been able to get this working in SFOS 18.0.1 with ebgp-multihop. The setting is not exposed in the UI, but can be set from a terminal session.


    From main menu: 3, 1, 3

    bgp> enable
    bgp# configure terminal
    bgp(config)# router bgp <local AS>
    bgp(config-router)# neighbor <peer ID> ebgp-multihop <hops>
    bgp(config-router)# end
    bgp# copy running-config startup-config

    To verify the change:

    bgp# show ip bgp neighbors

    BGP neighbor is bar, remote AS ###, local AS ###, external link
    BGP version 4, remote router ID bar
    BGP state = Established, up for 00:11:29
    Last read 00:00:38, hold time is 180, keepalive interval is 60 seconds
    Neighbor capabilities:
    4 Byte AS: advertised and received
    Route refresh: advertised and received(new)
    Address family IPv4 Unicast: advertised and received
    Graceful Restart Capabilty: received
    Remote Restart timer is 120 seconds
    Address families by peer:
    IPv4 Unicast(not preserved)
    Graceful restart informations:
    End-of-RIB send: IPv4 Unicast
    End-of-RIB received:
    Message statistics:
    Inq depth is 0
    Outq depth is 0
    Sent Rcvd
    Opens: 5 0
    Notifications: 4 0
    Updates: 219 153
    Keepalives: 1026 1139
    Route Refresh: 0 0
    Capability: 0 0
    Total: 1254 1292
    Minimum time between advertisement runs is 30 seconds

    For address family: IPv4 Unicast
    Community attribute sent to this neighbor(both)
    100 accepted prefixes

    Connections established 4; dropped 3
    Last reset 00:13:15, due to BGP Notification send
    External BGP neighbor may be up to 2 hops away.
    Local host: foo, Local port: 179
    Foreign host: bar, Foreign port: 51651
    Nexthop: foo

    Read thread: on Write thread: off
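
The verification step above can be scripted. The following is an added example, not part of the original post and not Sophos code: it parses `show ip bgp neighbors` output and reports peers that are not Established or that allow more hops than expected. The sample text is constructed from the output above using the addresses and AS numbers in the question; the second peer, the `max_hops` threshold, and the assumption that a peer without the "hops away" line is limited to one hop are illustrative.

```python
import re

# Constructed sample, abridged from the output in the post; 10.200.1.253 is made up.
SAMPLE = """\
BGP neighbor is 10.200.1.254, remote AS 65515, local AS 65530, external link
  BGP state = Established, up for 00:11:29
  Connections established 4; dropped 3
  External BGP neighbor may be up to 2 hops away.
BGP neighbor is 10.200.1.253, remote AS 65515, local AS 65530, external link
  BGP state = Active
  Connections established 0; dropped 0
"""

HEADER = re.compile(r"BGP neighbor is ([^,\s]+), remote AS (\d+), local AS (\d+), (\w+) link")

def parse_neighbors(text):
    """Return one dict per neighbor block found in the CLI output."""
    peers = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            peers.append({"peer": m[1], "remote_as": int(m[2]), "local_as": int(m[3]),
                          "link": m[4], "state": None, "hops": 1, "dropped": 0})
        elif not peers:
            continue  # ignore anything before the first neighbor header
        elif m := re.match(r"BGP state = (\w+)", line):
            peers[-1]["state"] = m[1]
        elif m := re.match(r"Connections established \d+; dropped (\d+)", line):
            peers[-1]["dropped"] = int(m[1])
        elif m := re.match(r"External BGP neighbor may be up to (\d+) hops away", line):
            peers[-1]["hops"] = int(m[1])
    return peers

def check(peers, max_hops=2):
    """List (peer, problem) pairs; max_hops is a hypothetical local policy value."""
    findings = []
    for p in peers:
        if p["state"] != "Established":
            findings.append((p["peer"], f"session not established (state {p['state']})"))
        if p["hops"] > max_hops:
            findings.append((p["peer"], f"ebgp-multihop allows {p['hops']} hops, expected <= {max_hops}"))
    return findings

if __name__ == "__main__":
    for peer, problem in check(parse_neighbors(SAMPLE)):
        print(f"{peer}: {problem}")
```

Keeping `<hops>` at the smallest value that lets the session establish limits how far away a packet can originate and still be accepted by the BGP listener on port 179.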