Routing across IPSec tunnel

From: Walter Chen (wchen@xxxxxxxxx)
Date: Thu May 03 2001 - 12:09:18 GMT-3


   
Can anyone tell me how to enable routing across an IPSec tunnel?

The basic problem is that when an IPSec tunnel is created
using the public IPs on both ends, a routing protocol, say,
EIGRP, does not know how to route across that tunnel, since
it does not see any interface associated with the remote
private IP network (the IPSec SA has the info but EIGRP
could not see it). While one can ping the remote private
address, there is no route showing up in the routing table.

One way to get around this is to create a GRE tunnel across
the public IP, and assign the tunnel interface a private IP.
In this case, the routing does go through. This solution
has its own problem, however, because the static GRE tunnel
will connect the remote private networks even when NO IPSec
tunnel exists or after the SA expires and so no traffic will
be encrypted.

Any ideas? Thanks!!

Walter