This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG OSPF über RED Verbindungsabbrüche

Hallo in die Runde

seit geraumer Zeit versuchen wir Routen via OSPF zwischen zwei SG 230 mit Firmware SFOS 18.5.1 MR-1-Build326 (XG)

über einen RED-Tunnel auszutauschen. die OSPF Nachbarn tauschen die Routen, jedoch disconnected dann ständig der RED-Tunnel.

deaktiviere ich OSPF, steht der Tunnel.

Was kann da das Problem sein?.

gebaut haben wir es nach dieser Anleitung: support.sophos.com/.../KB-000038170

Added TAGs
[edited by: Erick Jan at 3:05 AM (GMT -7) on 30 May 2023]

Parents

0 LuCar Toni over 2 years ago

Wenn der Tunnel neu aufgebaut wird, wird er von der anderen Seite inititiert.
Wahrscheinlich, wenn die Routen kommen, verändern Sie das verhalten des Routing Stacks.

Was ist deine Routing Precedence und wenn du OSPF Routen pushst, wie erreich dann die Firewall, die die RED Verbindung aufbaut, die andere Firewall?

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel
0 Jörg Schumann over 2 years ago in reply to LuCar Toni

die precedence steht immer auf

1. Staic

2. SD-WAN

3. VPN
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 2 years ago in reply to Jörg Schumann

Wenn du RED Site to Site aufbaust und dann OSPF aktivierst, vergleiche bitte auf der Advanced shell den ip route output.

ip r

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

0 Jörg Schumann over 2 years ago in reply to LuCar Toni

an der RED Route ändert sich nichts auch an den internen routen nicht

SG230_WP02_SFOS 18.5.1 MR-1-Build326# ip r
6.6.6.20/30 dev reds1 proto kernel scope link src 6.6.6.22
10.255.0.0/24 dev GuestAP proto kernel scope link src 10.255.0.1 linkdown
172.16.40.0/24 dev PortE0 proto kernel scope link src 172.16.40.1
172.17.0.0/24 dev PortE1 proto kernel scope link src 172.17.0.166

SG230_WP02_SFOS 18.5.1 MR-1-Build326# ip r
1.1.1.1 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.0/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.8/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.16/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.20/30 dev reds1 proto kernel scope link src 6.6.6.22
6.6.6.24/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.32/29 via 6.6.6.21 dev reds1 proto zebra metric 10
10.6.135.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.11.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.12.0/24 via 6.6.6.21 dev reds1 proto zebra metric 20
10.10.20.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.18.32.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.20.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.50.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.50.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.51.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.81.234.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.110.0.0/16 via 6.6.6.21 dev reds1 proto zebra metric 10
10.112.129.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.242.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.243.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.244.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.255.0.0/24 dev GuestAP proto kernel scope link src 10.255.0.1 linkdown
87.129.28.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
87.129.28.64/29 via 6.6.6.21 dev reds1 proto zebra metric 20
147.204.30.17 via 6.6.6.21 dev reds1 proto zebra metric 10
159.232.0.0/16 via 6.6.6.21 dev reds1 proto zebra metric 10
172.16.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
172.16.10.0/29 via 6.6.6.21 dev reds1 proto zebra metric 21
172.16.10.8/29 via 6.6.6.21 dev reds1 proto zebra metric 20
172.16.40.0/24 dev PortE0 proto kernel scope link src 172.16.40.1
172.17.0.0/24 dev PortE1 proto kernel scope link src 172.17.0.166
172.20.20.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
172.30.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.0.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.52.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.53.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.55.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.56.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.63.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.100.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.143.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.144.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.145.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.146.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.148.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.150.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.152.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.153.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.155.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.156.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.170.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10

Reply

0 Jörg Schumann over 2 years ago in reply to LuCar Toni

an der RED Route ändert sich nichts auch an den internen routen nicht

SG230_WP02_SFOS 18.5.1 MR-1-Build326# ip r
6.6.6.20/30 dev reds1 proto kernel scope link src 6.6.6.22
10.255.0.0/24 dev GuestAP proto kernel scope link src 10.255.0.1 linkdown
172.16.40.0/24 dev PortE0 proto kernel scope link src 172.16.40.1
172.17.0.0/24 dev PortE1 proto kernel scope link src 172.17.0.166

SG230_WP02_SFOS 18.5.1 MR-1-Build326# ip r
1.1.1.1 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.0/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.8/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.16/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.20/30 dev reds1 proto kernel scope link src 6.6.6.22
6.6.6.24/29 via 6.6.6.21 dev reds1 proto zebra metric 10
6.6.6.32/29 via 6.6.6.21 dev reds1 proto zebra metric 10
10.6.135.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.11.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.10.12.0/24 via 6.6.6.21 dev reds1 proto zebra metric 20
10.10.20.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.18.32.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.20.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.50.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.50.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.51.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.81.234.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.110.0.0/16 via 6.6.6.21 dev reds1 proto zebra metric 10
10.112.129.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.242.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.243.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.244.2.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
10.255.0.0/24 dev GuestAP proto kernel scope link src 10.255.0.1 linkdown
87.129.28.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
87.129.28.64/29 via 6.6.6.21 dev reds1 proto zebra metric 20
147.204.30.17 via 6.6.6.21 dev reds1 proto zebra metric 10
159.232.0.0/16 via 6.6.6.21 dev reds1 proto zebra metric 10
172.16.1.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
172.16.10.0/29 via 6.6.6.21 dev reds1 proto zebra metric 21
172.16.10.8/29 via 6.6.6.21 dev reds1 proto zebra metric 20
172.16.40.0/24 dev PortE0 proto kernel scope link src 172.16.40.1
172.17.0.0/24 dev PortE1 proto kernel scope link src 172.17.0.166
172.20.20.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
172.30.10.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.0.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.52.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.53.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.55.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.56.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.63.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.100.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.143.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.144.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.145.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.146.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.148.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.150.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.152.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.153.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.155.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.156.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10
192.168.170.0/24 via 6.6.6.21 dev reds1 proto zebra metric 10

Children

0 Jörg Schumann over 2 years ago in reply to Jörg Schumann

Ich glaube das Problem gefunden zu haben, mein lieber Kollege hat die falsche Netzmaske in unserer Haupt-Sophos für den WANanschluss konfiguriert.

werde den dann mal ändern und schauen.
Cancel
Vote Up 0 Vote Down

Cancel
0 Jörg Schumann over 2 years ago in reply to Jörg Schumann

also trotz Anpassung passiert das noch, via OSPF bekommt er ja die Route zur externen IP, über der er sich via RED verbindet
Cancel
Vote Up 0 Vote Down

Cancel
0 Jörg Schumann over 2 years ago in reply to Jörg Schumann

nach dem es die OSPF Datenbank bereinigt hat läuft alles, also war der Fehler die falsche Maske einer Sophos in der gleichen Area.
Cancel
Vote Up 0 Vote Down

Cancel