Stop sending advertisement for specific network in ospf Area 0 to the other VPN tunnel

Question

Hello,I have stucked in one subject . I have environmement which has routing protocol is "OSPF"  . HQ-test : 60.60.60.0/24BCN-Test:70.70.70.0/24. Test-Branc:66.66.66.0/24.HQ-Test & BCN-Test is connected via VPN  Hq-Test & Test-Branch is connected via VPN. I dont want to advertise Test-Branch Ip block to Bcn-Test , I have tried access-list & prefix list. It has not worked.  I add also routing tables from all sites Could you have any idea for the solution?[style="background-color: #ff0000;"]HQ-TEST routing table:[/style]HQ-TEST (VPN-VDOM) # get router info routing-table allS*      0.0.0.0/0 [5/0] via X.X.X.129, internal7C       1.20.255.19/32 is directly connected, VPN-Tst-BCN_0C       1.20.255.20/32 is directly connected, VPN-Tst-BCN_0O       1.20.255.40/30 [110/300] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       1.20.255.44/30 [110/200] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mC       1.20.255.59/32 is directly connected, VPN_Bnch2_Dp                       is directly connected, VPN_Bnch2_Dp_0C       1.20.255.60/32 is directly connected, VPN_Bnch2_Dp                       is directly connected, VPN_Bnch2_Dp_0C       1.20.255.248/30 is directly connected, root2VPN1O       1.20.255.252/30 [110/200] via 1.20.255.249, root2VPN1, 01w4d19hO       60.60.60.0/26 [110/101] via 1.20.255.249, root2VPN1, 2d20h28mO       60.60.60.128/26 [110/101] via 1.20.255.249, root2VPN1, 2d20h28mO       60.60.60.208/28 [110/101] via 1.20.255.249, root2VPN1, 2d20h28mO       60.60.60.224/28 [110/101] via 1.20.255.249, root2VPN1, 2d20h28mO       60.60.60.248/29 [110/101] via 1.20.255.249, root2VPN1, 2d20h28mC       62.96.202.128/27 is directly connected, internal7S       66.66.66.0/24 [15/0] via 95.91.224.231, VPN_Bnch2_Dp_0O       66.66.66.64/26 [110/101] via 1.20.255.60, VPN_Bnch2_Dp_0, 02:26:48O       66.66.66.128/26 [110/101] via 1.20.255.60, VPN_Bnch2_Dp_0, 02:26:48O       66.66.66.224/28 [110/101] via 1.20.255.60, VPN_Bnch2_Dp_0, 02:26:48O       66.66.66.240/29 [110/101] via 1.20.255.60, VPN_Bnch2_Dp_0, 02:26:48O       70.70.70.64/26 [110/201] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       70.70.70.128/26 [110/201] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       70.70.70.208/28 [110/201] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       70.70.70.224/28 [110/201] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       70.70.70.248/29 [110/201] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mC       169.253.0.1/32 is directly connected, OSPF_LoopbackO       169.253.0.2/32 [110/400] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       169.253.0.3/32 [110/200] via 1.20.255.249, root2VPN1, 01w4d19hO       169.253.0.5/32 [110/300] via 1.20.255.249, root2VPN1, 01w4d19hO       169.253.0.7/32 [110/200] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       169.253.0.10/32 [110/300] via 1.20.255.20, VPN-Tst-BCN_0, 2d18h39mO       169.253.0.66/32 [110/200] via 1.20.255.60, VPN_Bnch2_Dp_0, 02:26:48 [style="background-color: #ff0000;"]BCN-TST routing table:[/style]BCN-TEST (VPN-VDOM) # get router info routing-table all S*      0.0.0.0/0 [5/0] via Y.Y.Y.1, wan2C       1.20.255.19/32 is directly connected, VPN-HQ-TstC       1.20.255.20/32 is directly connected, VPN-HQ-TstO       1.20.255.40/30 [110/200] via 1.20.255.45, root2VPN1, 01w4d00hC       1.20.255.44/30 is directly connected, root2VPN1O       1.20.255.59/32 [110/100] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       1.20.255.60/32 [110/200] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       1.20.255.248/30 [110/200] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       1.20.255.252/30 [110/300] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       60.60.60.0/26 [110/201] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       60.60.60.128/26 [110/201] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       60.60.60.208/28 [110/201] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       60.60.60.224/28 [110/201] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       60.60.60.248/29 [110/201] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       66.66.66.64/26 [110/201] via 1.20.255.19, VPN-HQ-Tst, 02:27:20O       66.66.66.128/26 [110/201] via 1.20.255.19, VPN-HQ-Tst, 02:27:20O       66.66.66.224/28 [110/201] via 1.20.255.19, VPN-HQ-Tst, 02:27:20O       66.66.66.240/29 [110/201] via 1.20.255.19, VPN-HQ-Tst, 02:27:20O       70.70.70.64/26 [110/101] via 1.20.255.45, root2VPN1, 2d20h30mO       70.70.70.128/26 [110/101] via 1.20.255.45, root2VPN1, 2d20h30mO       70.70.70.208/28 [110/101] via 1.20.255.45, root2VPN1, 2d20h30mO       70.70.70.224/28 [110/101] via 1.20.255.45, root2VPN1, 2d20h30mO       70.70.70.248/29 [110/101] via 1.20.255.45, root2VPN1, 2d20h30mO       169.253.0.1/32 [110/200] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       169.253.0.2/32 [110/300] via 1.20.255.45, root2VPN1, 01w4d00hO       169.253.0.3/32 [110/300] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mO       169.253.0.5/32 [110/400] via 1.20.255.19, VPN-HQ-Tst, 2d18h40mC       169.253.0.7/32 is directly connected, OSPF-VPNO       169.253.0.10/32 [110/200] via 1.20.255.45, root2VPN1, 01w4d18hO       169.253.0.66/32 [110/300] via 1.20.255.19, VPN-HQ-Tst, 02:27:20

Benoit_Rech_FTNT · Answer

Hello, by definition, with OSPF, you should have the same OSPF database in all routers in a specific area. If you want to filter, you need to use different area, or use distribute-list-in on your test branch.

Benoit

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded