Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

VPNs and Frame - Using both

This is for a medium sized Enterprise hub and spoke Frame-Relay network of 40 sites located across contenental US. Today all spoke sites use 2620 routers. Hub is multiple 7200s. Routing protocol is ospf. Hub site has two 3030 VPN concentrators.

In an effort to lower costs and increase performance we had what seems to be a good idea.

"augment our frame-relay network with VPNs. All sites could have a frame-connection and a VPN link as well. We could send some applications like bulk transfer and e-mail on the VPN but use the frame for critical delay sensitive applications. And even better, both would backup each other"

Sounds good on paper but the difficulty is in the details. Specifically routing and backup paths.

I've considered using the spoke 2620s as the only router at the site. This could terminate the frame and DSL/TDM internet circuit and provide outbound traffic control via route-maps. It would handle encryption and tunneling as well. At the hub the 3030s terminate the tunnels and some router or MSFC could do the route-maps to send applications over specific paths.

But I don't see how to run a routing protocol over a VPN tunnel. So this leaves me with some kind of floating static route for backup.

Anybody have any ideas on combining frame and VPN into a cohesive, application aware transport?

Thanks in advanced,

John Royster


Cisco Employee

Re: VPNs and Frame - Using both

Hi John,

Just a suggestion, If you are using Routers all across your network and terminate the tunnels on those then we can use IPSec over GRE which would let Routing protocols to run over the tunnel aswell. For further details get in touch with your SE & Account team to design this.

Hope this helps,

Thanks and Regards,

Aamir Waheed,

Cisco Systems, Inc.



Community Member

Re: VPNs and Frame - Using both

Thanks Aamir,

GRE tunnel is an interesting approach. I'll get with the local SE for some brainstorming. There's much to think about here other than routing and backup - mainly filtering, NAT and security.

CreatePlease to create content