This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

OSPF over IPSec with Sophos UTM

Hi Community,

I need help creating active redundant Data-Chanels for a customer system.

Heres my Setup (also see picture):

I have 2 UTM-Clusters on two sites "1" + "2",
Connected via transparent DWDM-Transfer-Interface,
OSPF active for redundancy and automatic internal Routing,
Remote Site "C" running two Cisco-Routers "C1" and "C2" (also in OSPF-Redundancy).
Had to use two E1-Lines for the Customer-Connect.
UTM-Cluster "A" has working IPSec-Tunnel to "C1".
UTM-Cluster "B" has working IPSec-Tunnel to "C2".
Trying to reach multiple Systems in Subnet "172.24.22.0/24" on Site "C" redundantly with Help of OSPF.
OSPF deliveres when active still first the direct Routes via IPSec, and the when one connection fails a redundant route from the second cluster to the remote Subnet.

Target:

I'm trying to get OSPF through (or over) IPSec-Tunnel running, to be able to get redundancy to target VLAN behind two remote Single Cisco-WAN-Routers.
While IPSec is active on the Routing-Interface OSPF will not detect any OSPF-Device on the other side.

Questions:
- What is needed to do, to allow OSPF over the IPSec-Tunnel?
- Is OSPF and then IPSec on the same Interface possible?

Ideas:
- I already tried "Bind  Tunnel to Interface" but had no luck
- I tried disabling IPSec and was able to "see" the OSPF-Neighbor (but received no routes or Subnet-Infos)
- I also tried policy routes and conditional routing

State (now:)
- Not using OSPF right now
- Using static Routes
- Customer ist not satisfied with routes based on conditions (wants OSPF)



This thread was automatically locked due to age.
Parents Reply Children
No Data