12-12-2023 09:47 AM - edited 12-12-2023 09:49 AM
I read the following article about Site to Site VPN With Static and Dynamic Routing.
The article says that the Satellite Site uses static Routing so the VPN Peer A has a static routes toward the Office LAN subnets let's say 172.16.101.0/24 as shown in the topology. And the Regional office Sie uses OSPF Routing Protocol.
The VPN Site to Site is configured between VPN Peer A and VPN Peer B.
A tunnel interface is configured on both palo alto firewalls.
Then OSPF Routing Protocol is implemented between VPN Peer A and VPN Peer B through the Tunnel VPN in area 1.
Finally the VPN Peer B was configured to redistribute the static route to 172.16.101.0/24 into OSPF domain to ensure end to end connectivity.
From the scenario explained in the article, we conclude that both VPN Peer A and VPN Peer B are running different routing mechanisms, STATIC Routing and Dynamic Routing.
Do you think that it should be better to do this once on VPN Peer A firewall only, since it has already static routes to the Satellite Subnets, so we can simply configure the VPN Peer A to redistribute these static routes into OSPF Domain as shown below without the need of adding static routes on VPN Peer B, especially in large deployment.
12-12-2023 12:29 PM
Hello,
Yeah they made it very complicated in the article on purpose. I prefer OSPF where applicable and static if I have to or need to.
Cheers.
12-12-2023 12:58 PM
@OtakarKlier I agree, the scenario is not a good example to explain the route Redistribution concept.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
