Cisco Support Community

RIP v2 network and security

HELP!! RIP v2 network and security

I am reposting my query. Below is my original query and the replies I got. I am still in a logjam on how to go about achieving this.

Dear All,

We have a huge network connecting remote hospitals through microwave links which are terminated in 3560 L3 Switch. The network is using RIP V2 for routing data. Attached is the network diagram.

1. Site-1 is the administration office which receives the DHCP pool and internet from the HO.

2. The hospitals use these microwave links to share data like CT scans etc. with each other.

Issue: We want only Site-1 to be able to access the HO. The other sites should not access the HO since there can be a security issue, but they should be able to share data with other sites.

Someone proposed installing a firewall at the HO. Will that help? What configuration can be done on the existing switches to eliminate this?

Solution

Three thoughts here:

1) I believe you should do some static routing between the sites using the microwave links. This will save you the BW utilized by the full routing updates created by RIP. You can do some route redistribution as needed.

2) I would suggest a GRE Tunnel with IPsec. I agree with the post above, you should secure the data crossing the airwaves. Use an access list at HQ to filter traffic from other sites other than site 1.

3) Use a DHCP locally for site one. Again, maximize your BW, by not having DHCP requests and replies having to cross the slowest links. NAT should be done at the EDGE where your network meets the Internet.

Thank you for all the valuable inputs. However, can you please elaborate on the below:

1. How can I configure a GRE Tunnel on Cisco 3560?

2. What kind of ACL would I use to filter traffic at HO?

3. This is something new, the customer wants to do load sharing with his DSL link 512 Kbps at the HO with SITE-1 with the 100 Mbps Microwave link. How do I achieve this?

I have made some changes to the diagram and reattached again.

Regards

Sarfaraz

1 REPLY

Re: RIP v2 network and security

1) Same as any other router.

Router A

! SVI whose address is the local tunnel endpoint
interface Vlan1
 ip address 10.1.1.1 255.255.255.0
!
! GRE tunnel towards Router B
interface Tunnel0
 ip address 192.168.1.1 255.255.255.0
 tunnel source Vlan1
 tunnel destination 10.1.1.2

Router B

! SVI whose address is the local tunnel endpoint
interface Vlan1
 ip address 10.1.1.2 255.255.255.0
!
! GRE tunnel towards Router A
interface Tunnel0
 ip address 192.168.1.2 255.255.255.0
 tunnel source Vlan1
 tunnel destination 10.1.1.1

2. What kind of traffic do you want to filter?

3. You will need EIGRP for load-sharing over unequal cost links.

HTH,

__

Edison.
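
An added example, not part of the original thread or of either poster's configuration: one way to write the access list at the HO that the first reply suggests and that question 2 asks about. Every address, the interface and the ACL name are assumptions, because the thread's diagram is not reproduced here.

```cisco
! Constructed addressing (assumptions, not taken from the thread):
!   Site-1 LAN                      10.10.1.0/24
!   HO <-> Site-1 microwave link    10.255.0.0/30 (HO = .1, Site-1 switch = .2)
!   HO routed port facing the link  GigabitEthernet0/1
!
ip access-list extended HO-INBOUND
 remark RIP v2 updates (multicast 224.0.0.9, UDP 520) only from the Site-1 neighbour
 permit udp host 10.255.0.2 host 224.0.0.9 eq rip
 remark Site-1 administration LAN may reach the HO and the Internet behind it
 permit ip 10.10.1.0 0.0.0.255 any
 remark Anything else arriving over the microwave link (all other sites) is dropped
 deny ip any any log
!
interface GigabitEthernet0/1
 description Microwave link to Site-1
 no switchport
 ip address 10.255.0.1 255.255.255.252
 ! Inbound, so traffic is filtered before the HO routes it anywhere.
 ! An inbound ACL also applies to packets addressed to the switch itself,
 ! which is why the RIP entry above is needed.
 ip access-group HO-INBOUND in
```

Because the list is applied only at the HO, traffic between the other sites never touches it and keeps flowing. If Site-1 relays DHCP requests to a server at the HO, the relay's source address also has to match a permit entry.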
