BGP Help

[Maverick8673]

Has anyone heard of any issues with using BGP and IPSEC VPN's?

Here is the issue: My set up is 2 ISP's 2 Routers EBGP- IBGP between the routers. HSRP Between the routers.

VPN is set up with a router ACLS are all in place through the PIX and Switches.

Here is the issue, when I fail from ISP A to ISP B by changing the priority for HSRP- The VPN fails in the sense that pings time out, thus causing the VPN router to switch to dial up mode.

I can not edit the config on the VPN router its maintained by the vendor, however the vendor says they do not "play" well with bgp.

Both of my router interfaces use ip address's of only one class c as do all of my other interfaces. The class C is provided by ISP A.

What possibly could be the issue here?

 

[nyy1023]

Are you using the same IP block?
Is BGP configured to a loopback IP since you are multi-homed?
BGP does not care about the traffic it is routing assuming the IP's are being announced and received accordingly. With running HSRP it does add a little complexity to the issue. In the VPN config I assume the peer IP's never change? From the routers are you able to ping the peer IP? You need to make sure you can get to the IP, do a ping and a trace to see where it goes. It is possible because of the routing that you are going across your ibgp session to route to the peer. It could be a routing issue, but you need to rule out the set up before accepting the vendor's response that VPN does not play well with BGP, that is just not true. If that were the case the there would be all kind of issues since the backbone providers are running bgp between the peers for routing and also running bgp internally themselves.

CCNA, CCNP