IPSEC - MULTIPOINT TO MULTIPOINT

NSG_POLARIS
Level 1

Hi,

How can I create an IPsec tunnel in a multipoint-to-multipoint network for the same source and destination network?

..........R1.......R3.

......../......\...../....\

(NetX).......ISP......ISP-(NetY)

........\....../.....\..../

.........R2.......R4

The source is network X and the destination is network Y. R1-R4 are my routers. The primary path from NetX to NetY is R1 and R3. If R3 is down then the path will be R1 and R4.

If R1 fails, the path will be R2 and R3, and vice versa.

Please share all your ideas.

Rgds,

Gopinath.J


Istvan_Rabai
Level 7

Hi,

From your drawing I suppose NetX is a layer2 network and it is served by the default gateways R1 and R2.

Also, I suppose NetY has an edge router that connects it to the ISP.

If this is the case, then you can arrange R1 and R2 in an active-standby configuration using HSRP. Users will send their traffic to the virtual ip address of the HSRP group independently of which router is alive.

You can then establish 2 different IPSec tunnels (preferably GRE over IPSEC so routing protocols can be carried over the connection):

- from R1 to the NetY edge router

- from R2 to the NetY edge router

With this configuration you will have the necessary failover scenario in place.

Does this answer your question?

Cheers:

Istvan

Hi,

NetX and NetY are both Layer 3 networks.

It is a low-bandwidth link. I don't want to increase the packet size with encapsulation. I am expecting something to do with IPsec instead of GRE over IPsec.

Please advise.

Hi,

It's alright, then you just need to create the IPSec tunnel from the NetX low bandwidth interface to the NetY low bandwidth interface.

R1 through R4 will resolve the failover issue if routing is configured properly.

With a pure IPSec tunnel you will need to configure static routes on both NetX and NetY routers pointing to the subnets of the other side respectively.

Can you configure the IPSec tunnel or do you need help in this?

If help is needed then please provide a running-config on both NetX and NetY.

Thanks:

Istvan
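The pure IPsec setup (crypto map, no GRE) with static routes described in the reply above, sketched for the NetX-side router as an added example that is not part of the original thread. All addresses, names, the interface and the key are constructed placeholders; the NetY side mirrors it with the addresses and ACL reversed.

```cisco
! Constructed values (assumptions, not from the thread):
!   NetX = 10.1.0.0/16, NetY = 10.2.0.0/16
!   local tunnel endpoint 192.0.2.1, remote endpoint 198.51.100.1
!   next hop toward R1/R2 = 192.0.2.254, interface GigabitEthernet0/1
!
! Phase 1 (IKE) policy
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
!
! Placeholder key: replace with a long random value, identical on both ends
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! Phase 2: ESP in tunnel mode, no GRE header
crypto ipsec transform-set NETX-NETY-TS esp-aes 256 esp-sha256-hmac
 mode tunnel
!
! Interesting traffic: only NetX -> NetY is encrypted.
! The NetY router needs the exact mirror of this ACL.
ip access-list extended NETX-TO-NETY
 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
crypto map NETX-CMAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set NETX-NETY-TS
 match address NETX-TO-NETY
!
! Apply the crypto map on the interface facing R1/R2
interface GigabitEthernet0/1
 ip address 192.0.2.1 255.255.255.0
 crypto map NETX-CMAP
!
! Static route to the far-side subnet, as a pure IPsec tunnel
! carries no routing protocol
ip route 10.2.0.0 255.255.0.0 192.0.2.254
```

After both ends are configured, `show crypto isakmp sa` and `show crypto ipsec sa` confirm that the SAs are up and that the encrypt/decrypt counters increase for NetX to NetY traffic.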
