AWS IPsec tunnel, BGP and P2
-
I have a simple question.
For AWS we have an IPsec tunnel with BGP.
I do not have issues with the setup. BGP properly announces networks on both sides.

My question is about the IPsec P2.
Right now I allow the /30 IP addresses used for BGP peering between pfSense and AWS; however, I also allow the local/remote networks which are announced via BGP.

Is it safe to allow in P2:
local network 0.0.0.0/0
remote network 0.0.0.0/0
in order for all networks announced via BGP to work without an additional P2 per network, and if yes, is the P2 policy something specific?
Unfortunately I cannot test it by myself :( I only have a production system.
I'm asking this question because, for example, Mikrotik has some routing issues with such a setup (allowing P2 0.0.0.0/0 in tunnel mode) and needs some customization.
Regards,
-
OK, sorry, it looks like VTI P2 works without any issues with AWS (I did not know that!).
However, I'm still waiting for some folks to confirm and will mark this as solved...
-
Yep, VTI works without issues with AWS/BGP.
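The question boils down to whether the Phase 2 traffic selectors contain every prefix BGP learns over the tunnel: with one P2 entry per network, a VPC CIDR that AWS starts announcing later has no matching selector pair, while an any/any pair (which is what route-based VTI mode uses, leaving the routing table to decide what enters the tunnel) covers all of them. The following is an added example, not code from the original thread, pfSense or AWS; it models P2 entries as (local, remote) selector pairs and reports which announced prefixes fall outside them. All prefixes are constructed sample data: the 169.254.10.0/30 inside-tunnel peering link, 10.0.0.0/16 as the on-prem LAN and the 172.x prefixes as VPC CIDRs learned via BGP are assumptions.

```python
"""Check that IPsec Phase 2 traffic selectors cover every BGP-announced prefix.

Added example for the thread above; not code from the original post, pfSense
or AWS. All prefixes are constructed sample data: the 169.254.x.x/30 is the
inside-tunnel BGP peering link, 10.0.0.0/16 stands in for the on-prem LAN and
the 172.x prefixes for VPC CIDRs learned via BGP.
"""
from ipaddress import ip_network

# Phase 2 entries as (local selector, remote selector) pairs, as they would be
# configured on the pfSense side. A packet is only steered into the tunnel if
# its source matches the local selector AND its destination matches the remote
# selector of the same entry.
PER_NETWORK_P2 = [
    ("169.254.10.0/30", "169.254.10.0/30"),   # BGP peering /30
    ("10.0.0.0/16", "172.16.0.0/16"),         # LAN <-> first VPC CIDR
]
ANY_ANY_P2 = [
    ("169.254.10.0/30", "169.254.10.0/30"),
    ("0.0.0.0/0", "0.0.0.0/0"),               # any/any pair, as VTI mode uses
]

LOCAL_PREFIXES = ["10.0.0.0/16"]
# Constructed BGP table: the second VPC CIDR was announced after the P2
# entries were written, which is exactly the case the question is about.
AWS_BGP_ROUTES = ["172.16.0.0/16", "172.17.0.0/16"]


def flow_covered(src: str, dst: str, phase2) -> bool:
    """True if some P2 entry's selector pair contains the src -> dst flow."""
    s, d = ip_network(src), ip_network(dst)
    return any(
        s.subnet_of(ip_network(local)) and d.subnet_of(ip_network(remote))
        for local, remote in phase2
    )


def uncovered_flows(local_prefixes, remote_prefixes, phase2):
    """Return the (local, remote) prefix pairs that no P2 entry covers.

    These are the flows that would not be steered into the tunnel even though
    BGP says the remote prefix is reachable through it.
    """
    return [
        (local, remote)
        for local in local_prefixes
        for remote in remote_prefixes
        if not flow_covered(local, remote, phase2)
    ]


def peering_covered(phase2, local_ip="169.254.10.2", remote_ip="169.254.10.1") -> bool:
    """The BGP session itself must also sit inside a selector pair."""
    return flow_covered(f"{local_ip}/32", f"{remote_ip}/32", phase2)


if __name__ == "__main__":
    for name, p2 in (("per-network P2", PER_NETWORK_P2), ("0.0.0.0/0 P2", ANY_ANY_P2)):
        missing = uncovered_flows(LOCAL_PREFIXES, AWS_BGP_ROUTES, p2)
        print(f"{name}: peering covered={peering_covered(p2)}, uncovered={missing}")
```

Running it shows the per-network configuration leaving 10.0.0.0/16 -> 172.17.0.0/16 uncovered while the any/any pair covers everything. The check is a planning aid for the policy-based (tunnel mode) case; the caveat the Mikrotik remark hints at is that an any/any selector in tunnel mode also matches traffic that has nothing to do with AWS, which is why route-based VTI mode, where the selectors are any/any but the routing table decides what enters the interface, is the setup that makes BGP-learned prefixes simply work.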