Tunnel endpoints GRE with IPSEC and PIX

Unanswered Question
May 18th, 2009

Currently use Pix/ASA with site-to-site IPsec with GRE inside the IPSEC.

My GRE tunnels use a single interface on the internal router and point to the firewall. Example of the rules in the PIX are SiteA to SiteB: allowed to

OSPF is used to allow failover between sites.

However, I want to add an extra "tunnel" to one site and preserve the existing tunnel. Can I simply use new tunnel sources? SiteA and SiteB have several layer 3 VLANs on them.

I could easily use SiteA 196.168.10.1 to SiteB as my tunnel endpoints, along with the external IPs on the firewalls used to create the IPsec tunnel.

All the examples show using a single interface as the tunnel source for all the GRE tunnels. I haven't seen any example using multiple interfaces as the tunnel source.

Reason behind this madness is my new tunnel will have an OSPF bandwidth of 40meg. Want to keep my old tunnel & Pix/ASA rules to the same site from my old 1meg tunnel. This way if 40meg tunnel/circuit "dies" then they will go over the 1meg circuit.

I want to do it this way to keep the latency low. Having it fail over to another site could make latency go from 30 to over 100ms.

Yes, no? I hope this isn't a re-post. The original I submitted never posted.
