We are planning to enable IPSEC on a private network. We have location A and location B, and both locations are connected using 2 x 10 Mbps links. We have EIGRP running on them. We want to establish IPSEC between the routers.
I was wondering how to enable an IPSEC tunnel so that traffic moving through both the 10 Mbps pipes would be encrypted. If I can get some sample config, it's highly appreciated.
IPSec by its nature does not support running a routing protocol directly over it. There are many deployments that use GRE encrypted by IPSec for the purpose of running routing protocols like EIGRP and OSPF over IPSec. Your case seems similar. The following link provides an example of running EIGRP over GRE which in turn is encrypted via IPSec.
Recently Cisco has come out with another feature that makes running routing protocols over IPSec a little simpler. This feature is called IPSec VTI (Virtual Tunnel Interface) and you can find additional information about it at the following URL:
Depending on your exact topology there might not be any requirement to run a routing protocol but since you already mention that these sites run EIGRP I have assumed that you would like to extend EIGRP across the sites.
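An added example, not part of the original thread or any poster's configuration: a Site A sketch of the GRE-encrypted-by-IPSec approach described above, with one tunnel per 10 Mbps link and EIGRP running over the tunnels. Interface names, addresses, the EIGRP AS number, profile names and the key strings are constructed placeholders.

```cisco
! Site A router. All names, addresses, the AS number and the keys are
! constructed placeholders, not values from the thread.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! One pre-shared key per peer address (Site B's end of each link)
crypto isakmp key REPLACE_WITH_PSK_1 address 192.0.2.2
crypto isakmp key REPLACE_WITH_PSK_2 address 198.51.100.2
!
! Transport mode is enough here: GRE already supplies the outer IP header.
! For the IPSec VTI variant, use "mode tunnel" and add
! "tunnel mode ipsec ipv4" under each Tunnel interface.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface Tunnel0
 description GRE over IPSec via 10 Mbps link 1
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for GRE + ESP overhead to avoid fragmentation
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 192.0.2.2
 tunnel protection ipsec profile GRE-PROT
!
interface Tunnel1
 description GRE over IPSec via 10 Mbps link 2
 ip address 10.255.0.5 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/1
 tunnel destination 198.51.100.2
 tunnel protection ipsec profile GRE-PROT
!
! Run EIGRP on the tunnel subnets and the LAN only. Do not advertise the
! transport link addresses through the tunnels: learning a tunnel
! destination via the tunnel itself causes recursive routing and flaps.
router eigrp 100
 network 10.255.0.0 0.0.0.7
 network 10.1.0.0 0.0.255.255
```

Site B mirrors this with the peer addresses and tunnel IPs swapped. `show crypto ipsec sa` should show encaps/decaps counters rising on both tunnels once EIGRP neighbors form across them.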
I am very interested in your previous post with regard to running EIGRP over GRE and IPSEC. I have an issue where a customer has connections to his branch offices via an MPLS network and also Internet based VPN connections. However the connections at the branches do not support any dynamic routing protocols over the BT MPLS network.
If I can run GRE/IPSEC and then EIGRP I will be able to propagate routes across the network and in case of failure the data should swap to the VPN based link via another interface.
Does this sound feasible within an MPLS network? Are there any issues with running GRE or IPSEC over an MPLS network from British Telecom?
I am not familiar with the BT MPLS solution. Just out of curiosity, why are they not offering dynamic routing capability, as it would seem to be a common requirement from most L3 VPN customers?
You can run dynamic routing over GRE tunnels. If you think you require additional security then you can also use IPSec but I think you are not deploying any security mechanism currently so you probably do not need IPSec for the GRE tunnels over the MPLS cloud.
I think what you are trying to achieve is definitely doable as long as you give sufficient thought to the failover process between the MPLS connectivity and that provided by the VPN.
Thanks for that. They do offer BGP but only on standard links, not DSL based connectivity over the MPLS network. The VPNs will be based around Cisco kit as well and I intend to run them over GRE also so that both links are advertised around the network.
It is very limiting not having the option of dynamic routing on DSL circuits but I know BT are planning on allowing BGP over DSL at some point but not in the near future. Anyhow doing it this way should allow us to have the network that the customer requires.