We did it at my last assignment. We had a 3725router sitting on a DMZ at each end with a AIM-VPN/EPII module. We did a LAN to LAN IPSEC tunnel with GRE to exchange OSPF routes accross the tunnel. The internal interface would connect to the internal lan.
You could put the routers on the public but you would be relying on the router security.
I think we put a opsf cost on the interface to make sure it was only used a back up.
The 2800 and 3800 series would work better because those card are built in.
Here is a link for IP Tunneling Configuration examples.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...