Solved

Sonicwall filter ospf routes

Posted on 2013-12-22
Last Modified: 2014-01-05
Hi all,
we are moving from an old Cisco router to new SonicWall devices.

We have multiple locations, connected via MPLS; each location has its own internet access. For routing through the MPLS network, OSPF is used. With SonicWall (NSA-2400 and NSA-220, all 5.8.1, by the way) I check redistribute connected networks to distribute the LAN at X0. But in this case the WAN network at X1 is also distributed.

Is there a way to filter routing information to or from the OSPF process, or say just redistribute connected LAN networks? With Cisco we used distribute-list <acl> <in|out>

Kind regards
Question by:acbxyz
6 Comments
 

Expert Comment

by:Miftaul
ID: 39735354
Enable multicast support under the SonicWALL interface advanced configuration. OSPF needs multicast traffic to traverse for OSPF adjacency.

Author Comment

by:acbxyz
ID: 39735547
I activated it on both ends, but don't know how it changes things.

OSPF is up and running, the problem is it is running too well for me.

Expert Comment

by:Miftaul
ID: 39735890
Please check this Here

Author Comment

by:acbxyz
ID: 39736708
I cannot reach my lab over Christmas and will do more testing next year. My lab MPLS emulation was used as a spare part, so now I only have access to the main office SonicWall :-(

In my case it was this:
Tunnel created as in Route based VPN. See also my other question: http://www.experts-exchange.com/Networking/Security/Q_28322181.html#a39735045
OSPF should only be used on X2, which is used for MPLS on both ends.

If OSPF is disabled: the default route directs to the gateway of each ISP. The main location has two of them, connected to VLAN interfaces of X1. The VPN tunnel goes up, everything is fine.

If OSPF is enabled: the default route still directs to the gateway of each ISP, but the WAN address range is propagated by the branch location SonicWall through MPLS to the main location SonicWall. Since the subnet mask is more specific (0 <-> 29 in my lab), this route gets a higher priority, even though its metric is higher (20 <-> 110). It seems the VPN tunnel packets should be routed through X2 (MPLS) of both routers, which is prohibited through the firewall and the VPN bind option, and thus the VPN tunnel gets disconnected.

No problem in an ordinary believe-in-failover scenario (MPLS up, OSPF routes active, workload routing ok / / MPLS down, OSPF routes vanish, VPN up, workload routing ok). But we need the VPN tunnel up all the time.

The only way that works seems to be a custom defined routing policy with source and destination defined as host IP, directing to the gateway, for each branch office and each ISP at the main office.
 

Accepted Solution

by:acbxyz
ID: 39736756
Think I found a solution here (German)
I must not check redistribute connected networks. Instead I have to define the X0 interface (LAN) as OSPF passive.

I'll keep this thread open until I can test it a bit more.

Author Closing Comment

by:acbxyz
ID: 39757149
Not exactly what I wanted, but since no one provided a SonicWall replacement for distribute-in and distribute-out ACLs, it is at least working for us. Though the routing list gets very full, the disturbing entries are not there any more since disabling redistribute connected networks on the MPLS interface and enabling the OSPF passive service at the LAN interface.
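The route selection described in this thread, as an added example that is not part of the original posts or SonicWall's code: a simplified model in which the most specific prefix wins before the metric is compared, using the thread's prefix lengths (0 and 29) and metrics (20 and 110). The addresses, interface roles and the `Route`, `select` and `misrouted_peers` names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str   # destination network
    iface: str    # egress interface
    metric: int   # lower wins, but only between equally specific routes
    origin: str   # "static", "ospf" or "policy"

def select(routes, dst):
    """Longest prefix wins; metric only breaks ties between equal prefixes."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    return min(hits, default=None,
               key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen, r.metric))

def misrouted_peers(routes, peers, wan_ifaces):
    """VPN peers whose selected route does not leave through a WAN interface."""
    out = {}
    for peer in peers:
        best = select(routes, peer)
        if best is None or best.iface not in wan_ifaces:
            out[peer] = best
    return out

# Constructed main-office view; addresses are documentation ranges, not from the thread.
PEER = "198.51.100.2"                                     # branch WAN address (VPN peer)
DEFAULT = Route("0.0.0.0/0", "X1", 20, "static")          # default route to the ISP
BRANCH_LAN = Route("10.20.0.0/24", "X2", 110, "ospf")     # wanted over MPLS
BRANCH_WAN = Route("198.51.100.0/29", "X2", 110, "ospf")  # leaked by redistribute connected
HOST_PIN = Route("198.51.100.2/32", "X1", 1, "policy")    # per-peer workaround

TABLES = {
    "redistribute connected": [DEFAULT, BRANCH_LAN, BRANCH_WAN],
    "passive LAN, no redistribute": [DEFAULT, BRANCH_LAN],
    "leak plus host policy route": [DEFAULT, BRANCH_LAN, BRANCH_WAN, HOST_PIN],
}

def egress_by_scenario():
    """Egress interface chosen for the VPN peer in each constructed table."""
    return {name: select(t, PEER).iface for name, t in TABLES.items()}

if __name__ == "__main__":
    for name, table in TABLES.items():
        bad = misrouted_peers(table, [PEER], {"X1"})
        print(f"{name:30} peer via {select(table, PEER).iface:3} misrouted={sorted(bad)}")
```

Run against an exported route table, `misrouted_peers` gives a quick check that no VPN peer address is covered by an OSPF-learned prefix pointing at the MPLS interface.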


Question has a verified solution.
