Hi Community,
I need help creating active redundant Data-Channels for a customer system.
Here's my Setup (also see picture):
I have 2 UTM-Clusters on two sites "1" + "2",
Connected via transparent DWDM-Transfer-Interface,
OSPF active for redundancy and automatic internal Routing,
Remote Site "C" running two Cisco-Routers "C1" and "C2" (also in OSPF-Redundancy).
Had to use two E1-Lines for the Customer-Connect.
UTM-Cluster "A" has working IPSec-Tunnel to "C1".
UTM-Cluster "B" has working IPSec-Tunnel to "C2".
Trying to reach multiple Systems in Subnet "172.24.22.0/24" on Site "C" redundantly with Help of OSPF.
OSPF, when active, still delivers the direct Routes via IPSec first, and then, when one connection fails, a redundant route from the second cluster to the remote Subnet.
Target:
I'm trying to get OSPF running through (or over) the IPSec-Tunnel, to be able to get redundancy to the target VLAN behind two remote Single Cisco-WAN-Routers.
While IPSec is active on the Routing-Interface OSPF will not detect any OSPF-Device on the other side.
Questions:
- What needs to be done to allow OSPF over the IPSec-Tunnel?
- Is OSPF and then IPSec on the same Interface possible?
Ideas:
- I already tried "Bind Tunnel to Interface" but had no luck
- I tried disabling IPSec and was able to "see" the OSPF-Neighbor (but received no routes or Subnet-Infos)
- I also tried policy routes and conditional routing
State (now):
- Not using OSPF right now
- Using static Routes
- Customer is not satisfied with routes based on conditions (wants OSPF)