I've 2 sites connected with a Frame Relay link. On each site I've c2610 routers running the ip eigrp routing protocol.
On the HQ site I also have an ASA5500 that acts as the endpoint of an IPsec VPN to other branches, including the one I'm talking about.
In this branch site I've installed an ADSL router (not Cisco) that creates an IPsec VPN link with the ASA as a backup of the FR link. The way I do it is with a static route in the branch office with a distance of 200.
I'm looking for a solution where I can share traffic between the FR link and the VPN. It seems that the answer to my question is to create a GRE tunnel between the 2 routers and into the IPsec VPN in order to carry IP routing traffic by the second path. Is this correct? What are the IP addressing considerations if my branch LAN IP address is 10.110.32.0/24, my HQ is 10.10.0.0/16 and the FR link is 10.210.32.0/30? Can you suggest an addressing solution without configuring a loopback interface?
It seems that the answer to my question is to create a GRE tunnel between the 2 routers and into the IPsec VPN in order to carry IP routing traffic by the second path. Is this correct?
Correct. In order to carry the EIGRP protocol over an IPSec tunnel you need GRE.
What are the IP addressing considerations if my branch LAN IP address is 10.110.32.0/24, my HQ is 10.10.0.0/16 and the FR link is 10.210.32.0/30? Can you suggest an addressing solution without configuring a loopback interface?
Ok, you lost me here. Once you configure the GRE in the IPSec link, the HQ will see two routes from the branch office. The load-balance will depend on the metrics of the routes being advertised. You can play around with the EIGRP metrics to make this work or you can look into the variance command under EIGRP.
I'm not sure about a loopback interface for this task. What's the purpose for the loopback?
In some GRE over IPsec design guides Cisco configures loopback interfaces.
Can you provide a link where you saw this?
They use it for tunnel termination.
Tunnel terminates in tunnel interfaces, not loopback interfaces.
This interface is not in the routing process. I don't know why.
Correct, tunnel interface IP addresses do not participate in the routing process and are often given a point-to-point subnet (/30). You don't want tunnel interfaces to participate in the routing process since you want to avoid recursive routing - in other words, advertising the tunnel interface via the tunnel.
A design with a loopback as the source and destination under the tunnel interface can be used when having multiple connections between the sites. Sourcing from the loopback instead of the physical egress interface allows you to 'failover' in case one of the physical egress interfaces goes down.
With that said, if you have a point-to-point WAN link, sourcing the tunnel from the egress IP address with destination being the remote router's WAN link is the most common configuration.
You don't need additional static routes on either router for loopback reachability, nor do you need to waste a subnet for loopbacks.
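The branch-router side of the design discussed in this thread, as an added example that is not configuration posted by any participant. Assumptions: the interface names, EIGRP AS 100, the tunnel subnet 10.210.32.4/30, the endpoint addresses 10.110.32.1 and 10.10.0.1, the ADSL router at 10.110.32.254, and that the existing IPsec policy between the ADSL router and the ASA already covers traffic between these two endpoint addresses.

```cisco
! Added example for the branch 2610. All addresses, interface names and
! the AS number are constructed; the existing LAN (Ethernet0/0, assumed
! 10.110.32.1/24) and Frame Relay interfaces are left unchanged.
!
interface Tunnel0
 description GRE to HQ router, carried inside the ADSL-to-ASA IPsec VPN
 ! Point-to-point /30 for the tunnel itself; the HQ end would be 10.210.32.5
 ip address 10.210.32.6 255.255.255.252
 ! Sourced from a physical interface, so no loopback is needed
 tunnel source Ethernet0/0
 tunnel destination 10.10.0.1
 ! Tunnel defaults yield a very poor EIGRP metric; these constructed values
 ! stand in for the real ADSL path (delay is in tens of microseconds)
 bandwidth 512
 delay 2000
!
! Host route pins the GRE endpoint to the ADSL router. Without it the
! endpoint is learned through EIGRP, and GRE would either cross the
! Frame Relay link outside IPsec or be routed into its own tunnel
! (recursive routing).
ip route 10.10.0.1 255.255.255.255 10.110.32.254
!
router eigrp 100
 network 10.110.32.0 0.0.0.255
 ! 0.0.0.7 covers the FR /30 (10.210.32.0) and the tunnel /30 (10.210.32.4)
 network 10.210.32.0 0.0.0.7
 ! Install unequal-cost paths whose metric is within 2x the best path
 ! and which meet the feasibility condition
 variance 2
 no auto-summary
```

The HQ router needs the mirror image, including a host route for 10.110.32.1 towards the ASA, so that the return GRE packets also travel inside the VPN.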