Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routing updates through VPN IPsec tunnel

I am trying to connect 2 sites - our US headquarters and our German office. We have an operational IPsec tunnel between a PIX 515 in the US and a 2620 in Germany. As a backup to the VPN link, we are trying to set up an ISDN direct dial between Germany and the US. I need to figure out how to send routing updates between 2 routers - one router in each location - so if the VPN link fails, they will know to go through the ISDN link. I only want to communicate these updates between two routers. I've looked at RIP (noisy even if it gets past the PIX), OSPF (not sure how to configure it), and even glanced at BGP. Help!

3 REPLIES
New Member

Re: Routing updates through VPN IPsec tunnel

You can not send multicast routing updates over traditional IPSec tunnel mode. If you had a Cisco router at your US location, you could use GRE tunnels (not encrypted) between the routers, and IPSec transport mode, to encrypt your data. This way, un-enrypted routing updates could pass between routers.

HTH

New Member

Re: Routing updates through VPN IPsec tunnel

We have a 2620 in the US with an ISDN BRI connection. Could I set up the tunnel from that to the 2620 i Germany? The US 2620 is on the same subnet as the PIX.

New Member

Re: Routing updates through VPN IPsec tunnel

Yes you could. You may need to upgrade IOS. Here is good place to start:

http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safev_wp.htm

There is difference between GRE over IPSec and IPSec over GRE, have a look at that document and see what is right for you.

270
Views
0
Helpful
3
Replies
CreatePlease login to create content