Router 1 passes the route to vpn router 1, which uses ospf non broadcast to send it over ipsec to vpn router 2, which then forwards it to router 2.
In your case it sounds like the vpn routers are PIX, so I can't see a way to send the ospf without gre. The other option is to redist on router 1 into rip and do unicast rip from router 1 to router 2 (bypassing the vpn routers), and put statics on the pix's to resolve next hops. This will require the no update-verify source command,
Re: How to inject to OSPF a route to a subnet behind IPSEC VPN?
I think PIX only runs RIP listen, is that correct? If so, you will need to deploy a router next to the PIX at the remote site and run unicast RIP to it, or front the PIX with a router, and terminate IPSEC on it, then you can run OSPF non-broadcast between the two IPSEC termination routers.
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...