
Routing updates through VPN IPsec tunnel

dadams
Level 1

I am trying to connect 2 sites - our US headquarters and our German office. We have an operational IPsec tunnel between a PIX 515 in the US and a 2620 in Germany. As a backup to the VPN link, we are trying to set up an ISDN direct dial between Germany and the US. I need to figure out how to send routing updates between 2 routers - one router in each location - so if the VPN link fails, they will know to go through the ISDN link. I only want to communicate these updates between two routers. I've looked at RIP (noisy even if it gets past the PIX), OSPF (not sure how to configure it), and even glanced at BGP. Help!

3 Replies

JOSH GANT
Level 1

You cannot send multicast routing updates over traditional IPSec tunnel mode. If you had a Cisco router at your US location, you could use GRE tunnels (not encrypted) between the routers, and IPSec transport mode, to encrypt your data. This way, unencrypted routing updates could pass between routers.

HTH

We have a 2620 in the US with an ISDN BRI connection. Could I set up the tunnel from that to the 2620 in Germany? The US 2620 is on the same subnet as the PIX.

Yes, you could. You may need to upgrade IOS. Here is a good place to start:

http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safev_wp.htm

There is a difference between GRE over IPSec and IPSec over GRE; have a look at that document and see what is right for you.
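A sketch of the approach discussed in this thread (GRE between the two routers, protected by IPsec transport mode, with OSPF running over the tunnel), added here as an example and not posted by any participant. All addresses, names, the pre-shared key placeholder and the `Dialer1` interface are assumptions; the German side is shown and the US router mirrors it.

```cisco
! Constructed values (not from the thread):
!   192.0.2.1    German router, tunnel endpoint
!   198.51.100.1 US router, tunnel endpoint
!   10.255.0.0/30 tunnel subnet, 10.2.0.0/16 German LAN, 10.1.0.0/16 US LAN
! AES assumes an IOS crypto image that supports it.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 2
crypto isakmp key <PRESHARED-KEY> address 198.51.100.1
!
! Transport mode: GRE already supplies the outer IP header
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Encrypt only the GRE packets exchanged by the two endpoints.
! OSPF multicast hellos travel inside GRE, so they are covered too.
access-list 110 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 110
!
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 crypto map VPN
!
! OSPF adjacency forms only across the tunnel, i.e. between the two routers
router ospf 1
 passive-interface FastEthernet0/0
 network 10.255.0.0 0.0.0.3 area 0
 network 10.2.0.0 0.0.255.255 area 0
!
! Floating static route: administrative distance 200 loses to OSPF (110),
! so it is installed only when the tunnel route disappears.
! Assumes an existing Dialer1 interface for the ISDN link.
ip route 10.1.0.0 255.255.0.0 Dialer1 200
```

After both sides are configured, `show crypto ipsec sa` should show encrypted packet counters rising for the GRE flow, and `show ip ospf neighbor` should list the remote router over `Tunnel0`.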
