VMware Networking Community
pahenson
Contributor

OSPF via Site-to-Site IPSec VPN

Good day all,

Is it possible to peer NSX with an OSPF neighbor through an IPsec site-to-site VPN connection? The neighbor would be the next hop through the VPN.

The scenario is a Cisco router (VPN) --> L2 switch backbone --> (VPN) NSX Edge.

Cisco routers will pass the routing protocol multicast packets through the VPN. Will the NSX Edge do the same?

Thank you...

Phil

nickmuir
Contributor

Phil,

The Site-to-Site VPN capability of NSX does not support dynamic routing protocols.

Nick

burnyd
Contributor

Not that I am suggesting doing this, but you can run an L2VPN on your physical network for both ESGs? What are you trying to accomplish?

pahenson
Contributor

There is a layer 2 network between the NSX edge and the perimeter router (VRF). The layer 2 network is not in my group's control, so we need to encrypt the traffic between the router/edge (VLAN separation is not enough). I wanted to peer the NSX edge and router using OSPF.

SRoland
VMware Employee

You may also configure a password or MD5 hash for the OSPF if it's through a 3rd-party network:

http://pubs.vmware.com/NSX-61/index.jsp#com.vmware.nsx.admin.doc/GUID-6E985577-3629-42FE-AC22-C4B56E...

pahenson
Contributor

SRoland... The problem is not with OSPF authentication/hashing. ALL data needs to be encrypted across the L2 segment with an IPsec/L3VPN tunnel.

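The distinction drawn in the reply above, as an added example that is not part of any post in this thread: an OSPFv2 Hello built with keyed-MD5 authentication (RFC 2328 Appendix D) can be verified by a peer holding the key, yet every field stays readable to any host on the shared L2 segment. The addresses, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import struct

def _digest(packet: bytes, key: bytes) -> bytes:
    # RFC 2328 D.4.3: MD5 over the packet followed by the key padded to 16 bytes
    return hashlib.md5(packet + key.ljust(16, b"\0")).digest()

def build_hello(router_id, area_id, key, key_id, seq, neighbors=()):
    """OSPFv2 Hello using cryptographic authentication (AuType 2, keyed MD5)."""
    ip = socket.inet_aton
    # Hello body: mask, HelloInterval, Options, Rtr Pri, RouterDeadInterval, DR, BDR
    body = struct.pack("!4sHBBI4s4s", ip("255.255.255.0"), 10, 0x02, 1, 40,
                       ip("0.0.0.0"), ip("0.0.0.0"))
    body += b"".join(ip(n) for n in neighbors)
    length = 24 + len(body)  # the appended digest is not counted in this field
    header = struct.pack("!BBH4s4sHH", 2, 1, length, ip(router_id), ip(area_id),
                         0,   # checksum is not computed for AuType 2
                         2)   # AuType 2 = cryptographic authentication
    header += struct.pack("!HBBI", 0, key_id, 16, seq)  # 64-bit authentication field
    packet = header + body
    return packet + _digest(packet, key)

def verify(wire: bytes, key: bytes) -> bool:
    """Receiver side: recompute the digest with the shared key and compare."""
    length = struct.unpack("!H", wire[2:4])[0]
    return hmac.compare_digest(_digest(wire[:length], key), wire[length:length + 16])

def read_without_key(wire: bytes) -> dict:
    """What any host on the shared L2 segment can parse, no key required."""
    length = struct.unpack("!H", wire[2:4])[0]
    ntoa = socket.inet_ntoa
    return {
        "router_id": ntoa(wire[4:8]),
        "area_id": ntoa(wire[8:12]),
        "netmask": ntoa(wire[24:28]),
        "neighbors": [ntoa(wire[i:i + 4]) for i in range(44, length, 4)],
    }

if __name__ == "__main__":
    KEY = b"constructed-key"  # constructed sample values throughout
    wire = build_hello("10.0.0.1", "0.0.0.0", KEY, key_id=1, seq=1, neighbors=["10.0.0.2"])
    print("digest verifies:", verify(wire, KEY))
    print("readable without key:", read_without_key(wire))
```

The digest protects integrity and origin only, which is why the requirement to encrypt all data across the segment is not met by OSPF authentication alone.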
SRoland
VMware Employee

OK. My bad. Did not get the requirements completely. I would just repeat then the above ppl....
