Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PIX/2651 GRE and IPSEC VPN Migration

Greetings, we have a client with one HQ location and three branch offices.

Currently the HQ has a managed 2610 router terminating the internet connection, behind this is a PIX515 and behind that is a 2651.

The PIX provides VPN client termination and security for the internal network and a DMZ. The 2651 provides IPSEC and GRE tunnel termination for the branch offices, it also runs EIGRP for the WAN.

Each branch office has a single IPSEC GRE tunnel back to the HQ which is terminated on the 2651, branch office also has a GRE tunnel between each branch location, essentially GRE traffic between branch offices is hair pinned via the HQ. The branch offices also run EIGRP.

After speaking with the client i have ascertained there is very little if any traffic being transferred between branch offices as such i would like to simplify the design and just migrate the PIX to an ASA and drop the 2651 terminating both VPN clients and tunnels on the ASA without using GRE.

Any subsequent routing between branch offices could then be taken care of by using statics routes.

Does this sound like a feasible approach? I was trying to find a reason why GRE and EIGRP would be required in this situation.


New Member

Re: PIX/2651 GRE and IPSEC VPN Migration

Current Network Topology: