RE: OSPF on VPN

From: Larry Roberts (groupstudy@american-hero.com)
Date: Sun Aug 01 2004 - 12:13:42 GMT-3

• Next message: Ian Stong: "RE: R&S LAB setup at the start/what is the initial config on"
• Previous message: Patrick Torney: "Re: Failed first attempt"
• Maybe in reply to: thunai: "RE: OSPF on VPN"
• Next in thread: Koen Peetermans: "RE: OSPF on VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

OK, let me give this a shot. GUI first, comand line second.

Via a GUI:
First, navigate to here:

-configuration->policy management ->traffic management -> filters
Click on the "public default" filter, then click on "assign rules to
filters"

On the right side is the list of available rules. You should see 2 labeled
with OSPF " OSPF IN (forward/in)" and OSPF OUT (forward/out)"
Click on the first OSPF rule, then click on the button in the center labeled
"add"

You should see the filter now show up on the left side.

If you want to see the details of those rules, then go to :

-configuration->policy management ->traffic managemetn ->Rules

You can scroll down and see what the actual details of any rule is, as well
as add any rule that you want.

Via the Command line.

First, navigate to :
-configuration(1)->policy management(4)->traffic management(2)-> filters(4)

Make note of the filter numbers, and which one in particular you want to
modify

Select assign a rule to a filter(4)

Select the filter to modify (use the list from the step above and input the
number of the filter)

You will see a list of filters already applied.

Select add a rule to this filter (1)

Look for OSPF IN and OSPF Out ( 14 and 15 for me ) and add them by typing
the numbers next to them one at a time.

Don't forget to save your configuration!

Larry

-----Original Message-----
From: thunai [mailto:thunai@cisco.com]
Sent: Sunday, August 01, 2004 1:02 AM
To: 'Larry Roberts'; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: OSPF on VPN

Thanks Robert , I have not added the filter rules. Is there any Easy way I
can configure the filter(assign rule ) using menu. It seems to very
difficult.

Regds
Thunai

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Roberts
Sent: Sunday, August 01, 2004 10:03 AM
To: 'thunai'; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: OSPF on VPN

Does OSPF work to the inside?

Can you remove the filter from the outside completely and see if it pass's
packets? ( obviously not on the internet !)

Did you use the same area under the interface as you defined in the ip
routing section?

What do you mean by #6 ? By default ospf is filtered by the "public default"
filter, so you would need to add it to the filter. I didn't understand if
you added it, or if you thought it was already added. It should appear on
the left side of the filters list for it to be active.

Other than those questions, it sounds like it should work. I run OSPF on my
concentrators at work, and it was pretty simple to setup. Biggest issue I
had was advertising my remote ospf networks into OSPF. Took me several hours
before the check mark for ASBR jumped out at me!
 

-----Original Message-----
From: thunai [mailto:thunai@cisco.com]
Sent: Saturday, July 31, 2004 11:09 PM
To: 'Larry Roberts'; security@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: RE: OSPF on VPN

Hai
    I have done the following steps .

  1. Set OSPF Router ID
  2. Enable OSPF
  3. Defined the area
  4. Enable ospf on the outside interface
  5. Assigned Public defacult filter to Ouside Interface
  6. Checked the filters for OSPF in / OSPF out.

   But still VPN is not sending any packets to the outside.. I did a debug
on the router I am not receiving any packet on the router from VPN
concentrator

If any body has any clue please help me

Regds
Thunai

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Larry Roberts
Sent: Saturday, July 31, 2004 9:03 PM
To: 'thunai'; security@groupstudy.com
Subject: RE: OSPF on VPN

What all have you done to enable it?

You need to enable ospf and provide its parameters under the interface
itself, and you also need to to enable OSPF under ip routing as well.

Does it work to the inside?

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
thunai
Sent: Saturday, July 31, 2004 6:16 AM
To: security@groupstudy.com
Subject: OSPF on VPN

Hai
     I trying to enable OSPF on the public interface , I could not succseed.
Is there any way i can trouble shoot ospf on VPN concentrator .
 
I have i r3-------(public inter face )----vpn---(rip)-----r2. I am getting
rip routes on r2. But i am not getting any packets from vpn concetrator to
r3.
 
 
Please help me
 
 
Regds
Thunai

• Next message: Ian Stong: "RE: R&S LAB setup at the start/what is the initial config on"
• Previous message: Patrick Torney: "Re: Failed first attempt"
• Maybe in reply to: thunai: "RE: OSPF on VPN"
• Next in thread: Koen Peetermans: "RE: OSPF on VPN"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Sep 03 2004 - 07:02:31 GMT-3