Define an NetDefendOS OSPF Interface object which has the IPsec tunnel for the Interface
parameter. Specify the Type parameter to be point-to-point and the Network parameter to be the
network chosen in the previous step, 192.168.55.0/24.
This OSPF Interface tells NetDefendOS that any OPSF related connections to addresses within the
network 192.168.55.0/24 should be routed into the IPsec tunnel.
4. Define an OSPF Neighbor
Next, we must explicitly tell OSPF how to find the neighbouring OSPF router. Do this by defining a
NetDefendOS OSPF Neighbor object. This consists of a pairing of the IPsec tunnel (which is treated
like an interface) and the IP address of the router at the other end of the tunnel.
For the IPv4 address of the router, we simply use any single IP address from the network
192.168.55.0/24. For example, 192.168.55.1.
When NetDefendOS sets up OSPF, it will look at this OSPF Neighbor object and will try to send
OSPF messages to the IPv4 address 192.168.55.1. The OSPF Interface object defined in the
previous step tells NetDefendOS that OSPF related traffic to this IP address should be routed into
the IPsec tunnel.
5. Set the Local IP of the tunnel endpoint
To finish the setup for firewall A there needs to be two changes made to the IPsec tunnel setup on
firewall B. These are:
i. In the IPsec tunnel properties, the Local Network for the tunnel needs to be set to all-nets.
This setting acts as a filter for what traffic is allowed into the tunnel and all-nets will allow all
traffic into the tunnel.
ii. In the routing section of the IPsec properties, the Specify address manually option needs to be
enabled and the IPv4 address in this example of 192.168.55.1 needs to be entered. This sets the
tunnel endpoint IP to be 192.168.55.1 so that all OSPF traffic will be sent to firewall A with
this source IP.
The result of doing this is to "core route" OSPF traffic coming from firewall A. In other words the
traffic is destined for NetDefendOS.
6. Repeat the steps for the other firewall
What we have done so far is allow OSPF traffic to flow from A to B. The steps above need to be
repeated as a mirror image for firewall B using the same IPsec tunnel but using a different random
internal IP network for OSPF setup.
Tip: Non-OSPF traffic can also use the tunnel
A VPN tunnel can carry both OSPF traffic as well as other types of traffic. There is no
requirement to dedicate a tunnel to OSPF traffic.
4.5.6. An OSPF Example
This section goes through the detailed setup steps for the simple OSPF scenario illustrated below.
4.5.6. An OSPF Example Chapter 4. Routing
219
To Next Page
Loading...
