New Member
Posts: 14
Registered: ‎09-16-2015

Multiple VTI Tunnel

I have 3 sites with one ER-X at every site. I have set up IPsec VPN and VTI from Site A to B and from B to C. From site B I can communicate with everyone, from site A I can communicate with B, and from C again with B. I cannot pass traffic from A to C. Any ideas?

Senior Member
Posts: 2,734
Registered: ‎04-21-2015
Kudos: 404
Solutions: 107

Re: Multiple VTI Tunnel

Is a static route missing from A ===> C?
Thanks,
Myky
CWNA
--------------------------------------------------------------------------------------------------------------------------------------------------
Don`t blame the device as it`s always doing what you have asked it to do, this is not always the same as what you want.

New Member

Re: Multiple VTI Tunnel

I have static routes:

Site A is connected with vti0 to B vti0

Site C is connected with vti0 to B vti1

I have a static route at A for Subnet B to go through vti0 (working)

I have a static route at C for Subnet B to go through vti0 (working)

I have a static route at B for Subnet A to go through vti0 (working)

I have a static route at B for Subnet C to go through vti1 (working)

If I add a static route at A for Subnet C to go through vti0 (not working)!!!

Where do I have the mistake?

Veteran Member
Posts: 8,073
Registered: ‎03-24-2016
Kudos: 2122
Solutions: 928

Re: Multiple VTI Tunnel

Of course, you need to do this on both sides:

add a static route at C for Subnet A to go through vti0

Notes:

- If you have way more sites, use OSPF. It automatically updates all routing tables whenever a new branch is added.

- If you do have a lot of A<->C traffic, build a direct tunnel between them.
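
Why the route at A alone is not enough, as an added example that is not part of the original thread: a small Python model of the three routers' static route tables that forwards the request and the reply separately. The subnets 192.168.1.0/24 (A), 192.168.2.0/24 (B), 192.168.3.0/24 (C) and the host addresses are constructed assumptions, since the thread does not give the real ones.

```python
import ipaddress

# Constructed LAN subnets; the thread does not give the real ones.
LAN = {"A": "192.168.1.0/24", "B": "192.168.2.0/24", "C": "192.168.3.0/24"}
# Tunnel wiring as described in the thread: A vti0 <-> B vti0, C vti0 <-> B vti1.
LINKS = {("A", "vti0"): "B", ("B", "vti0"): "A",
         ("B", "vti1"): "C", ("C", "vti0"): "B"}

def base_routes():
    """Static routes the poster reports as already working."""
    return {"A": {LAN["B"]: "vti0"},
            "B": {LAN["A"]: "vti0", LAN["C"]: "vti1"},
            "C": {LAN["B"]: "vti0"}}

def with_route(routes, site, prefix, ifc):
    """Return a copy of the tables with one extra static route."""
    new = {s: dict(r) for s, r in routes.items()}
    new[site][prefix] = ifc
    return new

def forward(routes, site, dst_ip):
    """Walk one packet hop by hop; return (delivered, path_of_sites)."""
    dst, path = ipaddress.ip_address(dst_ip), [site]
    for _ in range(8):  # hop limit guards against routing loops
        if dst in ipaddress.ip_network(LAN[site]):
            return True, path
        # Longest-prefix match over this site's tunnel routes.
        hits = [(ipaddress.ip_network(p), i) for p, i in routes[site].items()
                if dst in ipaddress.ip_network(p)]
        if not hits:
            return False, path  # no tunnel route: packet never enters a VTI
        ifc = max(hits, key=lambda h: h[0].prefixlen)[1]
        site = LINKS[(site, ifc)]
        path.append(site)
    return False, path

def ping(routes, src_site, src_ip, dst_ip):
    """A ping succeeds only if request and reply are both delivered."""
    req_ok, req_path = forward(routes, src_site, dst_ip)
    rep_ok, rep_path = forward(routes, req_path[-1], src_ip) if req_ok else (False, [])
    return {"ok": req_ok and rep_ok, "request": req_path, "reply": rep_path}

if __name__ == "__main__":
    a_only = with_route(base_routes(), "A", LAN["C"], "vti0")
    both = with_route(a_only, "C", LAN["A"], "vti0")
    for name, tables in [("base", base_routes()), ("A only", a_only), ("both", both)]:
        print(name, ping(tables, "A", "192.168.1.10", "192.168.3.10"))
```

With only the route at A, the request travels A, B, C but the reply stops at C, which has no tunnel route back to Subnet A.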

New Member

Re: Multiple VTI Tunnel

Could you guide me on how to create OSPF?

Senior Member

Re: Multiple VTI Tunnel

OSPF:

https://help.ubnt.com/hc/en-us/articles/205204050-EdgeRouter-Configure-OSPF-network

GRE over IPSec:

https://help.ubnt.com/hc/en-us/articles/204961754-EdgeRouter-Layer-2-bridge-over-GRE-tunnel
Thanks,
Myky
CWNA

New Member

Re: Multiple VTI Tunnel

- Is the router ID the IP of the WAN interface or the LAN interface?

- How do I enable OSPF if I use switch0 as the LAN interface?


Senior Member

Re: Multiple VTI Tunnel

- Router ID is the IP of the WAN interface or LAN interface? - Best practice is to use the loopback interface IP, but you can still manually specify any IP (for instance 1.1.1.1) as long as it is unique among all OSPF routers in your system.

- How to enable OSPF if I use switch0 as the LAN interface?

https://community.ubnt.com/t5/EdgeMAX/OSPF-on-Switch0-interface/td-p/620395

Thanks,
Myky
CWNA