Example: protecting dynamic routing communications with a route-based VPN

This example shows how to protect dynamic routing communications when public Internet networks are used for backup connectivity.

Company A is a large company with enterprise networks at multiple sites. The networks are currently connected with a private backbone network that is built with dynamic routing using OSPF. The administrators want to use public Internet networks for backup connectivity in case the private backbone fails. To route the traffic and to protect the confidentiality and integrity of the dynamic routing communications, the administrators decide to send dynamic routing communications through tunnels in a route-based VPN.

The administrators:
  1. Define tunnel interfaces on the firewalls that act as VPN Gateways at each site.
  2. Add IP addresses to each tunnel interface.
  3. Create a Route-Based VPN Tunnel element that specifies the gateways, endpoints, and tunnel interfaces, and select the appropriate tunnel type and VPN Profile. The following options are used:
    • TTL: Default.
    • MTU: Default.
    • PMTU Discovery: Enabled.
  4. Create Access rules that allow traffic between the internal networks and the networks that are reachable through the route-based VPN.
  5. Refresh the policy on the firewalls that act as VPN Gateways.
  6. Configure dynamic routing on the engines.
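As an added illustration (not part of this documentation and not the product's own code), the following Python model shows why steps 1 to 4 belong together in a route-based VPN: the forwarding decision, not a policy, selects what enters the tunnel. OSPF routes learned over the private backbone are preferred by cost, the route over the tunnel interface takes over when the backbone adjacency is lost, and an Access rule that ties the remote networks to the backbone and tunnel interfaces keeps site traffic from following the default route in clear text if both routes disappear. Interface names, prefixes and OSPF costs are constructed sample values, and the egress-interface check is an assumed generic rule shape, not a description of how the product's Access rules match.

```python
"""Route-based VPN forwarding model: backbone first, tunnel as backup.

Added example, not the product's own code. Interface names, prefixes and
OSPF costs below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    interface: str  # egress interface that the route points at
    cost: int       # OSPF cost; lower wins among equal-length prefixes


@dataclass
class RoutingTable:
    routes: list = field(default_factory=list)
    tunnel_interfaces: frozenset = field(default_factory=frozenset)

    def add(self, prefix, interface, cost):
        self.routes.append(Route(ipaddress.ip_network(prefix), interface, cost))

    def withdraw(self, interface):
        """Remove the routes learned over an interface, as OSPF does when the
        adjacency over that interface times out (for example, backbone failure)."""
        self.routes = [r for r in self.routes if r.interface != interface]

    def lookup(self, dst):
        """Longest-prefix match, then lowest cost; None if nothing matches."""
        addr = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if addr in r.prefix]
        if not matches:
            return None
        return min(matches, key=lambda r: (-r.prefix.prefixlen, r.cost))

    def is_protected(self, dst):
        """In a route-based VPN, traffic is encrypted exactly when the chosen
        route points at a tunnel interface."""
        route = self.lookup(dst)
        return route is not None and route.interface in self.tunnel_interfaces


def build_site_a_table():
    """Site A in the model: private backbone, tunnel backup, Internet default
    (constructed sample topology)."""
    table = RoutingTable(tunnel_interfaces=frozenset({"tun1"}))
    table.add("10.2.0.0/16", "backbone0", 10)  # Site B via backbone (OSPF, preferred)
    table.add("10.2.0.0/16", "tun1", 100)      # Site B via tunnel interface (OSPF, backup)
    table.add("0.0.0.0/0", "inet0", 1)         # static default route to the Internet
    return table


# Assumed rule shape: Site A internal networks may reach Site B networks only
# through the backbone or a VPN tunnel interface. Any other egress is dropped,
# so a lost route fails closed instead of sending site traffic out in clear text.
SITE_B_EGRESS_ALLOWED = frozenset({"backbone0", "tun1"})


def egress_allowed(route):
    return route is not None and route.interface in SITE_B_EGRESS_ALLOWED


def simulate(dst="10.2.5.7"):
    """Walk through normal operation, backbone failure, and loss of both paths.
    Returns (stage, egress interface, encrypted?, allowed by rule?) per stage."""
    table = build_site_a_table()
    out = []
    stages = (("normal", None), ("backbone down", "backbone0"), ("tunnel down too", "tun1"))
    for stage, failed in stages:
        if failed:
            table.withdraw(failed)
        route = table.lookup(dst)
        iface = route.interface if route else None
        out.append((stage, iface, table.is_protected(dst), egress_allowed(route)))
    return out


if __name__ == "__main__":
    for stage, iface, protected, allowed in simulate():
        print(f"{stage:16} egress={str(iface):10} encrypted={protected} allowed={allowed}")
```

Running the block prints one line per stage: in normal operation Site B traffic leaves over the backbone unencrypted but allowed; after the backbone adjacency is withdrawn it leaves over the tunnel interface, encrypted and allowed; and if the tunnel route is also gone, the only match is the default route, which the rule refuses. The same reasoning is why step 4 should not allow the remote networks on every interface: the Access rules are the last control when the routing that drives the VPN changes.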