Routing between 2 remote sites across a L2L VPN tunnel

tomtom001
Level 1

Hi Everyone,

I want to have two sites connected by an IPsec VPN tunnel. At site1, I am using a 10.1.0.0 subnet, and at site2, I am using a 10.2.0.0 subnet. We use static routes (management chosen), so I wanted to ask if I needed to make a network statement for site1 to know how to reach site2 for traffic destined for 10.2.0.0?

Thank you for your help.

2 Replies

Edison Ortiz
Hall of Fame

Network statement as in 'dynamic routing protocol' instead of 'static routes'.

You can't do this with IPSec alone, you need to build a GRE tunnel so non-IP packets can be sent between this connection. As you know, 'dynamic routing protocols' do not use IP, they use their own protocol, hence the need for GRE.

HTH,

Edison.

williamsdo
Level 3

Hi, as mentioned in the first post, you will have to use GRE tunneling to pass routing multicast traffic. Cisco has NHRP (next hop routing protocol), which you can configure on your tunnel to direct traffic to the 10.2.0.0 subnet. You can optionally use a tunnel key for more control over which traffic is sent to that subnet. I will post a sample tunnel configuration below. As always, you will want to make sure any changes won't adversely affect your network. HTH

ip nhrp map: 2.222 = tunnel address, 10.10 = loopback address

site 1

interface tunnel0
 ip address 2.222.220.12 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.221.11 10.10.22.21
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1

site 2

interface tunnel0
 ip address 2.222.221.11 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.220.12 10.10.22.22
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1
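
Added example (not part of the original thread and not the posters' or Cisco's code): a Python sketch that reads the two tunnel stanzas posted above and runs the checks a reviewer would make before deploying them, namely whether each "ip nhrp map" targets the peer's tunnel address, whether both tunnel addresses sit on one subnet, whether the tunnel keys match, and whether a "tunnel protection ipsec" line is present (without one the GRE traffic is not encrypted). The names parse and audit are hypothetical.

```python
import ipaddress
import re

# Constructed input: the two tunnel stanzas from the post above, one per site.
SITES = {
    "site1": """interface tunnel0
 ip address 2.222.220.12 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.221.11 10.10.22.21
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1
""",
    "site2": """interface tunnel0
 ip address 2.222.221.11 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.220.12 10.10.22.22
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1
""",
}

def parse(cfg):
    """Extract the fields the checks need from one tunnel stanza."""
    def grab(pattern):
        m = re.search(r"^\s*" + pattern, cfg, re.M)
        return m.groups() if m else None
    addr = grab(r"ip address (\S+) (\S+)")
    return {
        "iface": ipaddress.ip_interface("/".join(addr)),  # address/netmask
        "map": grab(r"ip nhrp map (\S+) (\S+)"),          # (tunnel, NBMA)
        "key": grab(r"tunnel key (\d+)"),
        "protected": grab(r"(tunnel protection ipsec)") is not None,
    }

def audit(sites, a_name="site1", b_name="site2"):
    a, b = parse(sites[a_name]), parse(sites[b_name])
    findings = []
    for name, local, peer in ((a_name, a, b), (b_name, b, a)):
        if not local["map"] or local["map"][0] != str(peer["iface"].ip):
            findings.append(f"{name}: nhrp map does not target the peer tunnel address")
        if peer["iface"].ip not in local["iface"].network:
            findings.append(f"{name}: peer tunnel address is not in {local['iface'].network}")
        if not local["protected"]:
            findings.append(f"{name}: no 'tunnel protection', GRE payload is unencrypted")
    if a["key"] != b["key"]:  # GRE keys must be identical on both ends
        findings.append("tunnel key differs between the two sites")
    return findings
```

Calling audit(SITES) returns the list of findings for the posted pair; an empty list means every check passed.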
