From: Kyle Galusha (kgalusha@xxxxxxxxx)
Date: Mon Feb 05 2001 - 20:12:19 GMT-3
See if this makes sense. IPSEC will not support multicast/broadcast by itself.
You will need to do a GRE tunnel between your IPSEC peers to carry the
multicast hellos for OSPF. So put a tunnel interface on the source and
destination routers for your IPSEC/GRE tunnels. The GRE tunnel will carry the
routing protocol hellos and the IPSEC will carry the encrypted data that you
specify in your crypto access list.
See these links, one for IKE and one for IPSEC:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/scipsec.htm
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt4/scike.htm
Kyle
At 04:40 PM 2/5/2001 -0600, Jason T. Rohm wrote:
>I am currently using an IPINIP tunnel with CET encryption for a LAN to LAN
>VPN.
>
>I would like to convert to a pure IPSec tunnel mode connection between the
>sites (the CET/IPINIP stuff works fine, I just need to learn IPSec before my
>test).
>
>I am confused on how to get dynamic routing working across the IPSec
>connection.
>
>I run OSPF across the tunnel interface now and use default routing for
>internet access. I can make the connectivity work if I statically define
>routes across the IPSec interface, but since I don't have a tunnel interface
>to work with, I don't know how to go about getting OSPF to work.
>
>Can someone point me in the right direction on this?
>
>Thank you,
>
> Jason T. Rohm
> Sr. Network Engineer
> Wire Technologies, Inc
> jtrohm@wiretech-inc.com
> (920) 766-5172
>
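
Added example, not part of the original thread and not taken from the linked Cisco documents: a sketch of the GRE-over-IPSEC arrangement described in the reply, for one router (the peer mirrors it with the addresses swapped). All addresses, interface names, the map and transform-set names, the OSPF process and the key are constructed placeholders. It assumes an IOS release that offers AES and DH group 14, and it matches only the GRE packets between the two tunnel endpoints in the crypto access list, so everything carried inside the tunnel (OSPF hellos included) is encrypted.

```cisco
! Router A. Constructed placeholders: 192.0.2.1 = this router's outside
! address, 198.51.100.1 = the peer's outside address, 10.255.0.0/30 = the
! tunnel subnet, 10.1.0.0/24 = the local LAN.
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 198.51.100.1
!
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
!
! Crypto access list: only GRE between the two tunnel endpoints.
! OSPF multicast never has to match it, because it rides inside GRE.
access-list 101 permit gre host 192.0.2.1 host 198.51.100.1
!
crypto map VPN 10 ipsec-isakmp
 set peer 198.51.100.1
 set transform-set GRE-TS
 match address 101
!
interface Tunnel0
 description GRE tunnel that carries OSPF and LAN-to-LAN traffic
 ip address 10.255.0.1 255.255.255.252
 tunnel source Serial0
 tunnel destination 198.51.100.1
!
interface Serial0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN
! Older IOS releases also required "crypto map VPN" on Tunnel0.
!
interface Ethernet0
 ip address 10.1.0.1 255.255.255.0
!
! Run OSPF on the tunnel and the LAN only, never on the outside interface.
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.0.0 0.0.0.255 area 0
!
! Reach the peer's outside address by the default route, not through OSPF.
ip route 0.0.0.0 0.0.0.0 Serial0
```

The route to the tunnel destination must stay outside the tunnel: if OSPF ever advertises the peer's outside address through Tunnel0, the tunnel goes down with a recursive routing error.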
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:28:37 GMT-3