Route learned from Remote Network through IPSEC VPN Tunnel

Aug 30th, 2010

Hi,


I have 100 remote sites connected to the main office via IPsec VPN tunnels and I am using OSPF as the routing protocol at the main office. How will I be able to see those remote networks on the main office network? Any thoughts on how to do that?


Thanks.

Federico Coto F... Mon, 08/30/2010 - 13:21

Hi,


IPsec VPNs only pass IP unicast traffic (meaning regular OSPF won't work through the tunnel).

But, you can make OSPF work through the tunnel if using unicast OSPF (defining the neighbors manually).


If all sites are routers you can use IPsec/GRE or better DMVPN.


If there are ASAs, you're stuck with unicast OSPF.


Federico.

mrahman0302 Mon, 08/30/2010 - 13:46

Hi Federico,


I am replacing a Nortel box with a Cisco 3945. The problem is I have a lot of remote sites and I have to stick to IPsec tunnels. Question to you, after the tunnels are built up, do I see all the remote networks in my routing table?


Thanks.

Federico Coto F... Mon, 08/30/2010 - 14:20

You say:

Question to you, after the tunnels are built up, do I see all the remote networks in my routing table?


If you have plain IPsec, the only way to see OSPF routes of the remote sites through the tunnel is by configuring OSPF to work as unicast.


Here's an example of how to pass OSPF through plain IPsec (but it is with ASAs):

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00804acfea.shtml


Federico.
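
The IPsec/GRE option mentioned in the replies above, as an added example that is not part of the original thread and not taken from the linked Cisco document: GRE wraps the OSPF multicast hellos in unicast packets that IPsec can protect, so the remote networks arrive as ordinary OSPF routes. This is the hub side for one remote site on Cisco IOS; every address, name, key and algorithm choice is a constructed placeholder, and the remote router is assumed to carry the mirror-image configuration.

```cisco
! Added example: hub side (main office), one remote site shown.
! All addresses, names and keys below are constructed placeholders.
!
! IKE phase 1 policy and pre-shared key for the remote peer
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key REPLACE_WITH_PSK address 203.0.113.10
!
! IPsec phase 2 parameters, attached to the tunnel through a profile
! (no crypto map or crypto ACL is needed with tunnel protection)
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
! GRE tunnel to the remote site; OSPF runs on this interface
interface Tunnel10
 description GRE over IPsec to remote site 10
 ip address 10.255.10.1 255.255.255.252
 ! leave room for the GRE and IPsec headers
 ip mtu 1400
 ip ospf network point-to-point
 ! authenticate OSPF neighbors on the tunnel
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 REPLACE_WITH_OSPF_KEY
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.10
 tunnel protection ipsec profile GRE-PROTECT
!
! Add the tunnel subnet to the existing main-office OSPF process
router ospf 1
 network 10.255.10.0 0.0.0.3 area 0
```

Once the tunnel is up, `show ip ospf neighbor` should list the remote router and `show ip route ospf` should show the networks it advertises.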
