I've been told to create an isolated, secure path to the internet from remote sites via a gre tunnel but my designers are rather sketchy on how to do this.
Our current guest internet vlan resides on a pix virtual interface. Our BBSM hands out public class B addresses to guests.
We use 10.x.x.x for internal addressing.
The remote sites are edge routers at the far end of ATM-T1 or bridged DSL curcuits.
I'm supposed to hand out public class B addresses to clients attached to switches or access points at the edge routers.
At the remote end I know I must create another sub-interface/vlan for one end of a gre tunnel. At the core I'm told I'll need to bridge between the head end of the tunnel (private IP/routed vlan) and the guest vlan; public IP space.
Can this be done? Can I have public class B addresses handed out to clients, through a gre tunnel, to the far end of a circuit that routes only our privtate address space?
A critical component in the V3PN solution, the IPSec-protected generic routing encapsulation (GRE) tunnel provides the secure transport of diverse traffic types and topologies and enables the use of dynamic routing to ensure network availability. Figure 16 shows the IPSec-protected GRE tunnel.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...