Got it
Huawei Enterprise Support Community
Community Forums Routing & Switching
Ipsec over DSVPN while sp...

Ipsec over DSVPN while spokes have no public address

Latest reply: Sep 17, 2018 18:24:27 857 1 11 0 0
display all floors 1#

Hello everyone,

Today I will share with you how to deal with IPSec over DSVPN while spokes have no public address.

Customer request

1. Spoke 1 can visit HUB and spoke 2

2. Spoke can access the internet through HQ

Noted: spoke router Wan interface is private address and Firewall denies tunnel traffic in the export.

1


Spoke 1

2

ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0

Spoke 2

3

ip route-static 0.0.0.0 0.0.0.0 Cellular0/0/0

Hub

4

Handling Process

Check with the customer, finding the firewall blocks GRE traffic, so we just enable IPSEC in the GRE tunnel.

Display IP route in spoke 1, finding that spoke 2 internal subnets next hop is spoken 2 tunnel address, but both spokes have no public IP, they cannot build VPN, they visit each other have to through HUB. So we just change the OSPF network type.

Display IP route in spoke, finding that the route to the internet next hop is local wan interface but not to HUB tunnel address, so we have to modify the route.

Solution

Create an IPSEC in the GRE tunnel.

5

Change the OSPF network type.

6

Change the route to the internet.

7

That is all I want to share with you! Thank you!

  • x
  • convention:

Like (11) Dislike (0) Favorite(0) Share Report
Previous: how to configure the load-balance on the MPLS-VPN network
Next: Using Ensp simulating tool
Sergio93
Created Sep 17, 2018 18:24:27

Thanks for sharing, very useful :)
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " User Agreement."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookies Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Contact Us: e_online@huawei.com Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

APP

Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.