Greetings, we have a client with one HQ location and three branch offices.
Currently the HQ has a managed 2610 router terminating the internet connection; behind this is a PIX515 and behind that is a 2651.
The PIX provides VPN client termination and security for the internal network and a DMZ. The 2651 provides IPSEC and GRE tunnel termination for the branch offices; it also runs EIGRP for the WAN.
Each branch office has a single IPSEC GRE tunnel back to the HQ which is terminated on the 2651. Each branch office also has a GRE tunnel between each branch location; essentially, GRE traffic between branch offices is hairpinned via the HQ. The branch offices also run EIGRP.
After speaking with the client I have ascertained there is very little, if any, traffic being transferred between branch offices. As such, I would like to simplify the design and just migrate the PIX to an ASA and drop the 2651, terminating both VPN clients and tunnels on the ASA without using GRE.
Any subsequent routing between branch offices could then be taken care of by using static routes.
Does this sound like a feasible approach? I was trying to find a reason why GRE and EIGRP would be required in this situation.