
Using OSPF to Advertise Remote VPN Subnets


Cisco Meraki MX security appliances support the OSPF routing protocol to advertise remote VPN subnets to neighboring layer 3 devices. This feature is useful in topologies where a large number of VPN subnets makes configuring static routes impractical. 

This article outlines the prerequisites and configuration necessary for OSPF on the MX platform. 

Note: MX devices in NAT mode only support OSPF on firmware versions 13.4+, with VLANs disabled. OSPF is otherwise supported when the MX is in passthrough mode on any available firmware version. This can be set under Security Appliance > Configure > Addressing & VLANs.

Note: The MX will only advertise Meraki Auto VPN routes with OSPF. The MX will need static routes configured for any other local subnets.

Configuration

To configure OSPF on the MX, navigate to Security Appliance > Configure > Site-to-site VPN > OSPF.

Enabling Advertise Remote routes will provide additional configuration options: 

  • Router ID: The OSPF Router ID that the MX will use to identify itself to neighbors.
  • Area ID: The OSPF Area ID that the MX will use when sending route advertisements.
  • Cost: (Defaults to 1) The route cost attached to all OSPF routes advertised from the MX.
  • Hello timer: (Defaults to 10) How frequently the MX will send OSPF Hello packets in seconds. This should be the same across all devices in your OSPF topology.
  • Dead timer: (Defaults to 40) How long the MX will wait (in seconds) to see Hello packets from a particular OSPF neighbor before considering that neighbor inactive. 
  • MD5 Authentication: (Defaults to disabled) If this is enabled, MD5 hashing will be used to authenticate potential OSPF neighbors. This ensures that no unauthorized devices are injecting OSPF routes into the network.
  • Authentication Key: The MD5 key number and passphrase. Both of these values must match on any devices that you want to form an OSPF adjacency.

To confirm that the MX is sending OSPF updates, a packet capture can be taken on the WAN interface of the MX. This will show the MX sending updates to other OSPF-enabled devices. An in-depth reference of an OSPF adjacency being formed can be found here.
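
To check a captured Hello against the settings listed above, the following added example (not Meraki code) parses the OSPFv2 header and Hello fields as laid out in RFC 2328 and recomputes the MD5 digest. It assumes the dashboard's key number is the OSPF Key ID and that the passphrase is zero-padded to 16 bytes; the packet bytes, addresses and passphrase are constructed samples.

```python
import hashlib
import socket
import struct

# Values as entered on the MX OSPF page; all are constructed samples.
EXPECTED = {"area_id": "0.0.0.0", "hello": 10, "dead": 40, "key_id": 1}
PASSPHRASE = b"example-key"  # constructed sample, not a real key


def pad_key(passphrase: bytes) -> bytes:
    return passphrase.ljust(16, b"\0")[:16]  # RFC 2328 uses a 16-byte key


def parse_hello(pkt: bytes) -> dict:
    """Parse an OSPFv2 Hello (the IP payload) into the fields the MX exposes."""
    ver, typ, length, rid, area, _ck, autype = struct.unpack("!BBH4s4sHH", pkt[:16])
    if ver != 2 or typ != 1:
        raise ValueError("not an OSPFv2 Hello")
    h = {"router_id": socket.inet_ntoa(rid), "area_id": socket.inet_ntoa(area),
         "autype": autype, "length": length}
    if autype == 2:  # cryptographic auth: zero, Key ID, digest length, sequence
        _z, h["key_id"], h["auth_len"], h["seq"] = struct.unpack("!HBBI", pkt[16:24])
    _mask, h["hello"], _opts, _prio, h["dead"] = struct.unpack("!4sHBBI", pkt[24:36])
    return h


def audit(pkt: bytes, expected: dict, passphrase: bytes) -> list:
    """Return findings; an empty list means the Hello matches the configuration."""
    h = parse_hello(pkt)
    findings = [f"{k}: saw {h.get(k)!r}, expected {v!r}"
                for k, v in expected.items() if h.get(k) != v]
    if h["autype"] != 2:
        findings.append("MD5 authentication not in use (AuType != 2)")
    else:  # the digest is appended after the packet and covers packet + key
        body, digest = pkt[:h["length"]], pkt[h["length"]:]
        if hashlib.md5(body + pad_key(passphrase)).digest() != digest:
            findings.append("MD5 digest does not verify with this passphrase")
    return findings


def build_sample(hello=10, dead=40, autype=2, passphrase=PASSPHRASE) -> bytes:
    """Construct a Hello with no neighbors for the demo; not an MX capture."""
    hdr = struct.pack("!BBH4s4sHH", 2, 1, 44, socket.inet_aton("192.0.2.1"),
                      socket.inet_aton("0.0.0.0"), 0, autype)
    auth = struct.pack("!HBBI", 0, 1, 16, 1) if autype == 2 else bytes(8)
    pkt = hdr + auth + struct.pack("!4sHBBI4s4s", socket.inet_aton("255.255.255.0"),
                                   hello, 0x02, 1, dead, bytes(4), bytes(4))
    if autype == 2:
        pkt += hashlib.md5(pkt + pad_key(passphrase)).digest()
    return pkt
```

Pass `audit()` the OSPF payload of a captured packet (IP protocol 89) in place of `build_sample()`; a non-empty result names the field that would keep the adjacency from forming.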

Last modified
10:42, 14 Sep 2017
