Blind man needs a leader

Unanswered Question
Aug 10th, 2007


I've been told to create an isolated, secure path to the internet from remote sites via a gre tunnel but my designers are rather sketchy on how to do this.

Our current guest internet vlan resides on a pix virtual interface. Our BBSM hands out public class B addresses to guests.

We use 10.x.x.x for internal addressing.

The remote sites are edge routers at the far end of ATM-T1 or bridged DSL curcuits.

I'm supposed to hand out public class B addresses to clients attached to switches or access points at the edge routers.

At the remote end I know I must create another sub-interface/vlan for one end of a gre tunnel. At the core I'm told I'll need to bridge between the head end of the tunnel (private IP/routed vlan) and the guest vlan; public IP space.

Can this be done? Can I have public class B addresses handed out to clients, through a gre tunnel, to the far end of a circuit that routes only our privtate address space?

I feel like I'm swinging at a pinata.


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
tstanik Thu, 08/16/2007 - 12:57

A critical component in the V3PN solution, the IPSec-protected generic routing encapsulation (GRE) tunnel provides the secure transport of diverse traffic types and topologies and enables the use of dynamic routing to ensure network availability. Figure 16 shows the IPSec-protected GRE tunnel.

For more information please click following URL:

I think it will be not advisable to give your public IP Address.


This Discussion