10-02-2001 07:38 AM - edited 02-21-2020 11:26 AM
I am trying to connect 2 sites - our US headquarters and our German office. We have an operational IPsec tunnel between a PIX 515 in the US and a 2620 in Germany. As a backup to the VPN link, we are trying to set up an ISDN direct dial between Germany and the US. I need to figure out how to send routing updates between 2 routers - one router in each location - so if the VPN link fails, they will know to go through the ISDN link. I only want to communicate these updates between two routers. I've looked at RIP (noisy even if it gets past the PIX), OSPF (not sure how to configure it), and even glanced at BGP. Help!
10-04-2001 07:21 AM
You cannot send multicast routing updates over traditional IPSec tunnel mode. If you had a Cisco router at your US location, you could use GRE tunnels (not encrypted) between the routers, and IPSec transport mode, to encrypt your data. This way, unencrypted routing updates could pass between routers.
HTH
10-04-2001 07:45 AM
We have a 2620 in the US with an ISDN BRI connection. Could I set up the tunnel from that to the 2620 in Germany? The US 2620 is on the same subnet as the PIX.
10-04-2001 08:17 AM
Yes, you could. You may need to upgrade IOS. Here is a good place to start:
http://www.cisco.com/warp/public/cc/so/cuso/epso/sqfr/safev_wp.htm
There is a difference between GRE over IPSec and IPSec over GRE; have a look at that document and see what is right for you.
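
As an added illustration of the approach discussed in this thread (GRE between the two routers, protected by IPsec transport mode, with a routing protocol running over the tunnel), here is an IOS configuration for one router; it is not configuration posted by any participant. All addresses (RFC 5737 and private ranges), interface names, the key placeholder, the OSPF layout and the floating static route are assumptions, as is an IOS image with AES support; the peer router mirrors it with the addresses swapped.

```cisco
! --- IKE phase 1 (constructed values; key is a placeholder) ---
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY-PLACEHOLDER> address 198.51.100.1
!
! --- IPsec phase 2: transport mode, because the GRE endpoints
! --- and the IPsec endpoints are the same two routers ---
crypto ipsec transform-set GRE-TRANSPORT esp-aes 256 esp-sha-hmac
 mode transport
!
! Encrypt only GRE (IP protocol 47) between the tunnel endpoints.
! Routing updates and user data both ride inside GRE, so everything
! that crosses the tunnel is encrypted on the wire.
access-list 110 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map GRE-VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TRANSPORT
 match address 110
!
interface Tunnel0
 description GRE to remote site (carries OSPF multicast hellos)
 ip address 10.255.0.1 255.255.255.252
 ip mtu 1400
 tunnel source 192.0.2.1
 tunnel destination 198.51.100.1
!
interface FastEthernet0/0
 description Outside interface (assumed name)
 ip address 192.0.2.1 255.255.255.0
 crypto map GRE-VPN
!
! OSPF runs only on the local LAN and the tunnel, so the only
! neighbor is the router at the other end of the tunnel.
router ospf 1
 passive-interface default
 no passive-interface Tunnel0
 network 10.10.0.0 0.0.255.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
!
! Floating static route to the remote LAN via the ISDN far end
! (assumed address; dialer configuration not shown). Distance 200
! keeps it out of the table while OSPF (distance 110) has the route.
ip route 10.20.0.0 255.255.0.0 172.16.99.2 200
```

After bringing this up, `show crypto ipsec sa` should list the security association in transport mode with counters increasing, and `show ip ospf neighbor` should show the peer reachable through `Tunnel0`.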