Cisco Support Community
New Member

Preferred way to route in a fully meshed IPSec WAN

Can someone suggest the preferred way to dynamically route traffic in a fully meshed IPSec WAN topology? Presently, I am considering using dedicated routers in each location as tunnel end points and enabling GRE over the IPSec tunnels. Any special considerations or design issues with using EIGRP vs OSPF vs BGP to route between the WAN sites?

I've also heard about forgoing the dedicated routers and using RIP on the PIX/Concentrators and redistributing information from the local routing protocol.

I prefer to avoid using static routes whenever possible, and I would like to be able to establish at least 1 preferred route/tunnel (so that my traffic doesn't go through 2 other sites unless it is necessary).

Thanks for any suggestions.

New Member

Re: Preferred way to route in a fully meshed IPSec WAN

I have taken many cases for large networks using VPN over a WAN link.

Most of the time, our customers are using a GRE tunnel with IPSEC, then using OSPF, EIGRP or RIP to pass the routing information.

The reason is that IPSEC normally cannot pass broadcast or multicast traffic, but GRE with IPSEC will. If you have a large network, it is a very good idea to use a GRE tunnel with IPSEC.

PIX only supports RIP, and the VPN 3000 supports RIP and OSPF.

But they can only learn routes from RIP or OSPF; they cannot advertise the routes through the IPSEC VPN tunnel using RIP or OSPF.

Here is the sample config for EIGRP and OSPF passing through GRE With IPSEC:

Hope the above information will be helpful.
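
An added example, not the sample config the reply refers to and not part of the original thread: one end of a GRE-over-IPSec tunnel on an IOS router running OSPF, with a per-tunnel cost so the direct tunnel to a site is preferred over a path through other sites. All addresses, names, the tunnel number and the key are constructed placeholders, and a `tunnel protection` profile is assumed rather than a crypto map.

```cisco
! Constructed example: Site A (WAN 198.51.100.1) to Site B (WAN 203.0.113.2)
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key; use a unique key per peer
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.2
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set TS-GRE
!
interface Tunnel12
 description GRE over IPSec to Site B (direct path)
 ip address 10.255.12.1 255.255.255.252
 ! Leave room for GRE + ESP overhead to avoid fragmentation
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! Lower cost than any two-hop path through another site
 ip ospf cost 10
 tunnel source 198.51.100.1
 tunnel destination 203.0.113.2
 ! Everything that enters the tunnel is encrypted, including OSPF hellos
 tunnel protection ipsec profile GRE-PROT
!
router ospf 1
 ! Form adjacencies only over the protected tunnel
 passive-interface default
 no passive-interface Tunnel12
 network 10.255.12.0 0.0.0.3 area 0
 ! Site A LAN (constructed prefix)
 network 10.1.0.0 0.0.255.255 area 0
 ! Do not advertise 198.51.100.0 or 203.0.113.0 into OSPF: learning the
 ! tunnel destination through the tunnel causes recursive routing and
 ! the tunnel interface flaps
```

After the peer is configured the same way, `show crypto ipsec sa` should show encaps/decaps counters rising while `show ip ospf neighbor` lists the peer over Tunnel12, which confirms the routing protocol is actually riding inside the encrypted tunnel.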
