D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: corzza on April 15, 2018, 11:24:33 PM

Title: DFL-1600 + Cisco + GRE + OSPF
Post by: corzza on April 15, 2018, 11:24:33 PM
Hello all!
First of all, sorry for my English. It's not my native language.
I have a problem with dynamic routing between a DFL-1600 and Cisco 1811 routers. All devices are connected over GRE (IPsec will be the second stage). It works. When I use static routes, it works. But when I try to use OSPF, I have a problem. OSPF works between the Cisco routers, but it doesn't work between Cisco and the DFL-1600.
Can somebody help me?
I will be very grateful for any help.
Best regards, Sergey Dontsov

Cisco config
Router 1
interface Tunnel3000
 ip address 10.3.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10000
 ip ospf mtu-ignore
 tunnel source FastEthernet0
 tunnel destination 193.46.66.26
 tunnel key 133
!
interface Tunnel3001
 ip address 10.4.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10000
 ip ospf mtu-ignore
 tunnel source FastEthernet0
 tunnel destination 193.46.66.27
 tunnel key 134
!
interface FastEthernet0
 ip address 193.46.66.25 255.255.255.0
 duplex auto
 speed auto
router ospf 1
 router-id 10.3.0.1
 log-adjacency-changes
 passive-interface default
 no passive-interface Tunnel3000
 no passive-interface Tunnel3001
 network 10.0.11.0 0.0.0.255 area 3
 network 10.0.12.0 0.0.0.255 area 3
 network 10.0.13.0 0.0.0.255 area 3
 network 10.3.0.0 0.0.0.255 area 0
 network 10.4.0.0 0.0.0.255 area 0

ROUTER_1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.4.0.2          0   FULL/DROTHER    00:00:31    10.4.0.2        Tunnel3001
ROUTER_1#

Router 2
interface Tunnel3001
 ip address 10.4.0.2 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10000
 ip ospf priority 0
 ip ospf mtu-ignore
 tunnel source FastEthernet0
 tunnel destination 193.46.66.25
 tunnel key 134
!
interface Tunnel3000
 ip address 10.3.0.3 255.255.255.0
 ip ospf network broadcast
 ip ospf cost 10000
 ip ospf mtu-ignore
 tunnel source FastEthernet0
 tunnel destination 193.46.66.26
 tunnel key 133
!
interface FastEthernet0
 ip address 193.46.66.27 255.255.255.0
 duplex auto
 speed auto

router ospf 1
 router-id 10.4.0.2
 log-adjacency-changes
 passive-interface default
 no passive-interface Tunnel3001
 no passive-interface Tunnel3000
 network 10.3.0.0 0.0.0.255 area 0
 network 10.4.0.0 0.0.0.255 area 0
 network 172.16.15.0 0.0.0.255 area 2

Neighbor ID     Pri   State           Dead Time   Address         Interface
10.3.0.1          1   FULL/DR         00:00:36    10.4.0.1        Tunnel3001

ROUTER_2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 5 subnets
O IA    10.0.11.0 [110/10001] via 10.4.0.1, 00:04:21, Tunnel3001
O IA    10.0.12.0 [110/10001] via 10.4.0.1, 00:04:21, Tunnel3001
O IA    10.0.13.0 [110/10001] via 10.4.0.1, 00:04:21, Tunnel3001
C       10.3.0.0 is directly connected, Tunnel3000
C       10.4.0.0 is directly connected, Tunnel3001
C    193.46.66.0/24 is directly connected, FastEthernet0
ROUTER_2#

[Six screenshots, hosted on piccy.info, were attached here.]
Title: Re: DFL-1600 + Cisco + GRE + OSPF
Post by: Gattsu on April 16, 2018, 07:51:49 AM
The hellos are probably not going through with this error code "unknown neighbor". Possibly you need to create an allow rule for GRE tunnel traffic. Or maybe because Multicast traffic is not going through. Use the packet capture tool on the DFL to fully analyze.

Here is a GRE tunnel configuration sample.

set Device Name=Site-A
set Interface Ethernet wan1 DHCPEnabled=No
set Address IP4Address InterfaceAddresses/wan1_ip Address=1.1.1.160
set Address IP4Address InterfaceAddresses/wan1net Address=1.1.1.0/24
set Address IP4Address InterfaceAddresses/lan_ip Address=192.168.0.1
set Address IP4Address InterfaceAddresses/lannet Address=192.168.0.0/24
set Interface Ethernet wan1 DefaultGateway=1.1.1.2
add Interface GRETunnel gre-if IP=10.0.0.1 Network=192.168.1.0/24 RemoteEndpoint=3.3.3.160
add Interface InterfaceGroup gre-lan Members=gre-if,lan

add IPRule Action=Allow SourceInterface=gre-lan SourceNetwork=all-nets DestinationInterface=gre-lan DestinationNetwork=all-nets Service=all_tcpudpicmp Index=1 LogEnabled=Yes Name=gre-lan-allow

set IPRule 2(ping_fw) SourceInterface=gre-lan SourceNetwork=all-nets LogEnabled=Yes
activate
commit
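
Added example (not part of either post, and not D-Link or Cisco code): a small Python decoder for checking a captured packet, as the reply suggests, to confirm that an OSPF Hello (IP protocol 89, sent to 224.0.0.5) is really inside the GRE tunnel (IP protocol 47) with the expected tunnel key. The function names are hypothetical, the sample packet is constructed from Router 1's Tunnel3000 values in the first post, and the hello/dead intervals of 10/40 seconds are assumed because the posted config does not show them.

```python
import socket
import struct

def parse_ipv4(pkt):
    """Return (protocol, src, dst, payload) for a raw IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[ihl:]

def parse_gre_ospf_hello(pkt):
    """Decode outer IPv4 -> GRE -> inner IPv4 -> OSPFv2 Hello into a dict."""
    proto, o_src, o_dst, gre = parse_ipv4(pkt)
    if proto != 47:
        raise ValueError("outer packet is not GRE (IP protocol 47)")
    flags, ethertype = struct.unpack("!HH", gre[:4])
    off, key = 4, None
    if flags & 0x8000:                      # C bit: checksum + reserved word
        off += 4
    if flags & 0x2000:                      # K bit: 32-bit key ("tunnel key" on Cisco)
        key = struct.unpack("!I", gre[off:off + 4])[0]
        off += 4
    if flags & 0x1000:                      # S bit: sequence number
        off += 4
    if ethertype != 0x0800:
        raise ValueError("GRE payload is not IPv4")
    proto, i_src, i_dst, ospf = parse_ipv4(gre[off:])
    if proto != 89:
        raise ValueError("inner packet is not OSPF (IP protocol 89)")
    ver, typ, _, rid, area = struct.unpack("!BBH4s4s", ospf[:12])
    if (ver, typ) != (2, 1):
        raise ValueError("not an OSPFv2 Hello")
    # Hello body starts after the 24-byte OSPF header.
    mask, hello, _, prio, dead = struct.unpack("!4sHBBI", ospf[24:36])
    return {"outer": (o_src, o_dst), "gre_key": key, "inner": (i_src, i_dst),
            "router_id": socket.inet_ntoa(rid), "area": socket.inet_ntoa(area),
            "mask": socket.inet_ntoa(mask), "hello": hello, "dead": dead, "priority": prio}

def ipv4_packet(proto, src, dst, payload):
    # Constructed header; checksum left at 0 because the parser does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_sample():
    """Constructed packet; hello=10 and dead=40 are assumed values."""
    a = socket.inet_aton
    body = struct.pack("!4sHBBI4s4s", a("255.255.255.0"), 10, 0x02, 1, 40, a("10.3.0.1"), a("0.0.0.0"))
    ospf = struct.pack("!BBH4s4sHH8s", 2, 1, 24 + len(body), a("10.3.0.1"), a("0.0.0.0"), 0, 0, bytes(8)) + body
    gre = struct.pack("!HHI", 0x2000, 0x0800, 133) + ipv4_packet(89, "10.3.0.1", "224.0.0.5", ospf)
    return ipv4_packet(47, "193.46.66.25", "193.46.66.26", gre)

if __name__ == "__main__":
    print(parse_gre_ospf_hello(build_sample()))
```

Decoding one Hello from each side and comparing the area, mask, hello and dead values shows whether the two ends could form an adjacency at all; a missing or different GRE key shows up in `gre_key`.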