I've been trying to set up an IPsec tunnel to AWS with BGP for some time now without success. I can get the tunnel set up fine, but BGP will not establish. No matter how many different configurations I've tried, the result is the same: BGP just won't establish. ASNs are correct, interface addresses are correct, and it still will not establish. I can't ping the neighbor IP, 169.254.58.193, from the command line, but I don't think that's unusual for an IPsec tunnel.
I've tried the same thing with a UTM9 by downloading the template and installing it, and it works perfectly. BGP establishes and all is good.
Any tips or pointers would be helpful if anyone has actually gotten this to work. Firmware is SFOS 17.0.2 MR-2.
This is as far as we get:
BGP neighbor is 169.254.58.193, remote AS 7224, local AS 65406, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active
  Last read 00:16:36, hold time is 180, keepalive interval is 60 seconds
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  0          0
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             0          0
    Route Refresh:          0          0
    Capability:             0          0
    Total:                  0          0
  Minimum time between advertisement runs is 30 seconds

 For address family: IPv4 Unicast
  Community attribute sent to this neighbor(both)
  0 accepted prefixes

  Connections established 0; dropped 0
  Last reset never
Next connect timer due in 92 seconds
Read thread: off  Write thread: off
Quagga configuration looks like this:
router bgp 65406
 bgp router-id x.x.16.191
 network x.x.x.192/27
 network 172.20.0.0/16
 ! existing upstream transit peers (peer-group, outbound prefix-list applied)
 neighbor upstream peer-group
 neighbor upstream remote-as 1477
 neighbor upstream prefix-list pl-allowed-adv out
 neighbor x.x.x.190 peer-group upstream
 neighbor x.x.x.166 peer-group upstream
 ! AWS VPN tunnel peer (inside /30 address), stuck in Active
 neighbor 169.254.58.193 remote-as 7224
!
ip prefix-list pl-allowed-adv seq 5 permit x.x.x.192/27
ip prefix-list pl-allowed-adv seq 10 deny any
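The `show ip bgp neighbors` output above already narrows the problem: state `Active` with zero OPENs sent or received means the TCP connection to port 179 never completes, so the failure is at the transport layer (reachability through the tunnel, routing of the 169.254.x/30 inside addresses, or a firewall rule), not in the BGP OPEN negotiation (AS numbers, router-ID, hold time), which would leave the session in `OpenSent`/`OpenConfirm` or show NOTIFICATIONs. The following script is an added example, not part of the post or of any Sophos or Quagga tooling: it parses that output and the Quagga `router bgp` block, cross-checks the configured neighbor and ASNs against what the session reports, and classifies which layer to look at. The sample text is constructed from the values in the post; the masked `x.x.x` addresses are replaced with 192.0.2.x documentation addresses, which are assumptions.

```python
"""Classify a stuck eBGP session from Quagga 'show ip bgp neighbors' output.
Added example; SAMPLE_OUTPUT / SAMPLE_CONFIG are constructed from the post."""
import re

SAMPLE_OUTPUT = """\
BGP neighbor is 169.254.58.193, remote AS 7224, local AS 65406, external link
  BGP version 4, remote router ID 0.0.0.0
  BGP state = Active
  Last read 00:16:36, hold time is 180, keepalive interval is 60 seconds
  Message statistics:
    Inq depth is 0
    Outq depth is 0
                         Sent       Rcvd
    Opens:                  0          0
    Notifications:          0          0
    Updates:                0          0
    Keepalives:             0          0
    Route Refresh:          0          0
    Capability:             0          0
    Total:                  0          0
  Connections established 0; dropped 0
  Last reset never
Next connect timer due in 92 seconds
Read thread: off  Write thread: off
"""

# Condensed copy of the posted config; 192.0.2.x stands in for the masked x.x.x
SAMPLE_CONFIG = """\
router bgp 65406
 bgp router-id 192.0.2.191
 network 172.20.0.0/16
 neighbor upstream peer-group
 neighbor upstream remote-as 1477
 neighbor 192.0.2.190 peer-group upstream
 neighbor 169.254.58.193 remote-as 7224
!
"""


def parse_neighbor(text):
    """Pull the fields that decide the diagnosis out of the neighbor display."""
    head = re.search(r"BGP neighbor is (\S+), remote AS (\d+), local AS (\d+)", text)
    state = re.search(r"BGP state = (\w+)", text)
    opens = re.search(r"Opens:\s+(\d+)\s+(\d+)", text)
    notif = re.search(r"Notifications:\s+(\d+)\s+(\d+)", text)
    if not (head and state and opens and notif):
        raise ValueError("unrecognised 'show ip bgp neighbors' output")
    return {
        "ip": head.group(1),
        "remote_as": int(head.group(2)),
        "local_as": int(head.group(3)),
        "state": state.group(1),
        "opens_sent": int(opens.group(1)),
        "opens_rcvd": int(opens.group(2)),
        "notif_sent": int(notif.group(1)),
        "notif_rcvd": int(notif.group(2)),
    }


def parse_config(cfg):
    """Return (local_as, {neighbor_ip: remote_as}), resolving peer-group membership."""
    local_as, groups, remote_as, member_of = None, set(), {}, {}
    for raw in cfg.splitlines():
        line = raw.strip()
        if m := re.match(r"router bgp (\d+)$", line):
            local_as = int(m.group(1))
        elif m := re.match(r"neighbor (\S+) peer-group$", line):
            groups.add(m.group(1))                      # peer-group declaration
        elif m := re.match(r"neighbor (\S+) remote-as (\d+)$", line):
            remote_as[m.group(1)] = int(m.group(2))     # direct or group-level AS
        elif m := re.match(r"neighbor (\S+) peer-group (\S+)$", line):
            member_of[m.group(1)] = m.group(2)          # ip inherits the group's AS
    neighbors = {ip: asn for ip, asn in remote_as.items() if ip not in groups}
    for ip, group in member_of.items():
        if group in remote_as:
            neighbors[ip] = remote_as[group]
    return local_as, neighbors


def diagnose(neigh, local_as, cfg_neighbors):
    """Return findings tagged CONFIG / TRANSPORT / SESSION / OK."""
    findings, ip = [], neigh["ip"]
    if neigh["local_as"] != local_as:
        findings.append(f"CONFIG: 'router bgp {local_as}' but session reports local AS {neigh['local_as']}")
    if ip not in cfg_neighbors:
        findings.append(f"CONFIG: no remote-as configured for {ip}")
    elif cfg_neighbors[ip] != neigh["remote_as"]:
        findings.append(f"CONFIG: {ip} configured as AS {cfg_neighbors[ip]}, session shows AS {neigh['remote_as']}")
    if neigh["state"] == "Established":
        findings.append("OK: session established")
    elif neigh["opens_sent"] == 0 and neigh["opens_rcvd"] == 0:
        # Nothing was ever exchanged: TCP/179 to the peer is not completing.
        findings.append(f"TRANSPORT: state {neigh['state']} with no OPEN sent or received; the TCP/179 "
                        f"connection to {ip} never completes. Check the /30 inside address on the tunnel "
                        "interface, a route to the peer via the tunnel, and a firewall rule for TCP/179 both ways.")
    elif neigh["notif_sent"] or neigh["notif_rcvd"]:
        findings.append("SESSION: OPEN exchanged but closed by NOTIFICATION; compare AS numbers, router-id and hold time")
    else:
        findings.append(f"SESSION: OPEN exchanged, negotiation pending (state {neigh['state']})")
    return findings


def run_sample():
    local_as, neighbors = parse_config(SAMPLE_CONFIG)
    return diagnose(parse_neighbor(SAMPLE_OUTPUT), local_as, neighbors)


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Run against the posted output it reports a single TRANSPORT finding, which is consistent with the peer not even being pingable: the inside /30 addresses or the route to 169.254.58.193 are not reaching the tunnel, and that is where the UTM9 template (which sets those up automatically) differs from the hand-built SFOS configuration.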