
New Member

Dynamic Routing protocol over IPsec ?

Hi,

I am going to implement IPsec between 2 Cisco routers. I'll use IPsec ESP with tunnel, and I want to run OSPF between the 2 routers over the IPsec tunnel.

One of my colleagues told me that this is possible, the IPsec tunnel doesn't support dynamic routing protocols; he told me that I have to use static routing. Is that right?

Thanks for your help,

Sebastien

3 REPLIES
New Member

Re: Dynamic Routing protocol over IPsec ?

The question was:

When running IPsec in tunnel mode, are dynamic routing protocols supported across the 'tunnelled' link?

Answer:

Most routing protocols require multicast/broadcast for routing updates, and since IPsec can only encrypt unicast traffic, this typically will not work. The workaround is to run GRE tunnels over transport mode IPsec and run the routing protocol on the tunnel interfaces.

New Member

Re: Dynamic Routing protocol over IPsec ?

You won't have to use static routes; you can create a GRE tunnel between the two routers and then run a dynamic protocol down that as well as your IPsec. I have done this, and it works fine for IP and IPX too.
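The GRE-over-IPsec workaround described in the replies above, as an added Cisco IOS configuration sketch for one of the two routers; it is not configuration posted by any participant. All addresses, the interface name, the object names (GRE-TS, GRE-MAP, ACL 110) and the key placeholder are assumptions; the peer router mirrors this with source and destination swapped.

```cisco
! Constructed addressing (assumption): this router = 192.0.2.1,
! peer router = 198.51.100.1, GRE tunnel subnet = 10.255.0.0/30,
! local LAN = 10.1.0.0/16.
!
! IKE phase 1 policy and pre-shared key for the peer
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
! ESP in transport mode: GRE already supplies the outer IP header,
! so IPsec tunnel mode would only add a second one.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets between the two tunnel endpoints.
! OSPF hellos (multicast) ride inside GRE, so on the wire they are
! unicast GRE and match this ACL.
access-list 110 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 110
!
! GRE tunnel interface: the routing protocol runs here
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
! Outside interface: the crypto map is applied where GRE leaves the box
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map GRE-MAP
!
! OSPF on the tunnel subnet and the LAN only. The outside network is
! deliberately NOT advertised: if the route to the tunnel destination
! is learned through the tunnel itself, the tunnel flaps
! (recursive routing).
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.255.255 area 0
```

Once both sides are configured, `show crypto ipsec sa` should show the encaps/decaps counters increasing and `show ip ospf neighbor` should list the peer as reached over Tunnel0.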

New Member

Re: Dynamic Routing protocol over IPsec ?

Looks like you've got your answer already, so this is mostly extraneous. The question that I had was why you were doing this? If it's just routing authentication you're trying to do, remember that OSPF does do peer router authentication using the keyed MD5 one-way hash.

(You said ESP and tunnel, but never mentioned any cryptography, which is why I had the question)

-Rakesh
