Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
225
Views
0
Helpful
2
Replies

VPNs and Frame - Using both

jroyster
Level 1
Level 1

‎02-04-2003 12:46 PM - edited ‎03-09-2019 01:58 AM

This is for a medium sized Enterprise hub and spoke Frame-Relay network of 40 sites located across contenental US. Today all spoke sites use 2620 routers. Hub is multiple 7200s. Routing protocol is ospf. Hub site has two 3030 VPN concentrators.

In an effort to lower costs and increase performance we had what seems to be a good idea.

"augment our frame-relay network with VPNs. All sites could have a frame-connection and a VPN link as well. We could send some applications like bulk transfer and e-mail on the VPN but use the frame for critical delay sensitive applications. And even better, both would backup each other"

Sounds good on paper but the difficulty is in the details. Specifically routing and backup paths.

I've considered using the spoke 2620s as the only router at the site. This could terminate the frame and DSL/TDM internet circuit and provide outbound traffic control via route-maps. It would handle encryption and tunneling as well. At the hub the 3030s terminate the tunnels and some router or MSFC could do the route-maps to send applications over specific paths.

But I don't see how to run a routing protocol over a VPN tunnel. So this leaves me with some kind of floating static route for backup.

Anybody have any ideas on combining frame and VPN into a cohesive, application aware transport?

Thanks in advanced,

John Royster

CCNP/CCDP

Labels:
0 Helpful
2 Replies 2

awaheed
Cisco Employee
Cisco Employee

‎02-05-2003 12:44 PM

Hi John,

Just a suggestion, If you are using Routers all across your network and terminate the tunnels on those then we can use IPSec over GRE which would let Routing protocols to run over the tunnel aswell. For further details get in touch with your SE & Account team to design this.

Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.

CCIE#8933

-=-=-=-

0 Helpful

jroyster
Level 1
Level 1
In response to awaheed

‎02-05-2003 01:00 PM

Thanks Aamir,

GRE tunnel is an interesting approach. I'll get with the local SE for some brainstorming. There's much to think about here other than routing and backup - mainly filtering, NAT and security.

0 Helpful
Customers Also Viewed These Support Documents