Example: protecting dynamic routing communications with a route-based VPN
This scenario shows an example of protecting communications when public Internet networks are used for backup connectivity.
Company A is a large company with enterprise networks at multiple sites. The networks are currently connected with a private backbone network that is built with dynamic routing using OSPF. The administrators want to use public Internet networks for backup connectivity in case the private backbone fails. To route the traffic and to protect the confidentiality and integrity of the dynamic routing communications, the administrators decide to send dynamic routing communications through tunnels in a route-based VPN.
The administrators:
- Define tunnel interfaces on the engines that act as VPN Gateways at each site. Note: One tunnel interface is required for each remote VPN Gateway endpoint.
- Add IP addresses to each tunnel interface.
- Create a Route-Based SD-WAN Tunnel element that specifies the gateways, endpoints, and tunnel interfaces, and select the appropriate tunnel type and VPN Profile. The following options are used:
  - TTL: Default.
  - MTU: Default.
  - PMTU Discovery: Enabled.
- Create Access rules that allow traffic between the internal networks and the networks that are reachable through the route-based VPN.
- Refresh the policy on the engines that act as VPN Gateways.
- Configure dynamic routing on the engines.
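Before defining the tunnel interfaces, it helps to draw up the addressing plan for them. The following planning sketch is an added example, not part of the product or its documentation. It assumes one Internet endpoint per site, a full mesh between sites, and a dedicated /30 per tunnel. The site names, networks, and pool are constructed sample values. It produces one tunnel interface entry per remote gateway and rejects a tunnel pool that collides with an internal network.

```python
import ipaddress
from itertools import combinations

# Constructed sample data (assumption): internal networks per site and an
# address pool reserved only for tunnel interfaces.
SITES = {
    "hq": ["10.1.0.0/16"],
    "branch1": ["10.2.0.0/16"],
    "branch2": ["10.3.0.0/16"],
}
TUNNEL_POOL = "172.31.255.0/24"


def plan_tunnels(sites, pool, prefix=30):
    """Return {site: [(local_index, "ip/prefix", remote_site), ...]}.

    One entry per remote site, i.e. one tunnel interface per remote
    VPN Gateway endpoint under the single-endpoint assumption.
    """
    pool = ipaddress.ip_network(pool)
    internal = [ipaddress.ip_network(n) for nets in sites.values() for n in nets]
    # A tunnel subnet inside an internal range would make the OSPF-advertised
    # routes and the Access rules for internal networks ambiguous.
    clash = [str(n) for n in internal if n.overlaps(pool)]
    if clash:
        raise ValueError(f"tunnel pool {pool} overlaps internal networks: {clash}")
    subnets = pool.subnets(new_prefix=prefix)
    plan = {site: [] for site in sites}
    for a, b in combinations(sorted(sites), 2):
        try:
            net = next(subnets)
        except StopIteration:
            raise ValueError(f"tunnel pool {pool} is too small for a full mesh") from None
        ip_a, ip_b = list(net.hosts())[:2]
        # Both ends of a tunnel share one point-to-point subnet.
        for local, ip, remote in ((a, ip_a, b), (b, ip_b, a)):
            plan[local].append((len(plan[local]), f"{ip}/{net.prefixlen}", remote))
    return plan


if __name__ == "__main__":
    for site, interfaces in plan_tunnels(SITES, TUNNEL_POOL).items():
        for index, address, remote in interfaces:
            print(f"{site}: tunnel interface #{index} {address} -> {remote}")
```
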