From: Matt Wagner (miguknom@xxxxxxxxxxx)
Date: Wed Aug 01 2001 - 12:38:54 GMT-3
You could set up a GRE tunnel inside your IPSEC tunnel. Just make sure that
you don't cause recursive routing problems. You'll see what I mean if you
do it wrong...
A man said to the Universe, "Sir, I exist".
The Universe replied, "The fact may be,
but it inspires in me no sense of obligation."
----Original Message Follows----
From: "SALMON, MARK (SBMS)" <MARK.SALMON@cingular.com>
Reply-To: "SALMON, MARK (SBMS)" <MARK.SALMON@cingular.com>
To: "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
Subject: IP sec
Date: Wed, 1 Aug 2001 10:11:03 -0500
MIME-Version: 1.0
Received: from [63.104.50.75] by hotmail.com (3.2) with ESMTP id
MHotMailBD3169B0003F40042A193F68324B0EDD9; Wed, 01 Aug 2001 08:22:46 -0700
Received: from localhost (mail@localhost)by groupstudy.com (8.9.3/8.9.3)
with SMTP id LAA21080;Wed, 1 Aug 2001 11:31:28 -0400
Received: by groupstudy.com (bulk_mailer v1.12); Wed, 1 Aug 2001 11:27:02
-0400
Received: (from listserver@localhost)by groupstudy.com (8.9.3/8.9.3) id
LAA19508GroupStudy Mailer; Wed, 1 Aug 2001 11:27:02 -0400
Received: from cwgate2.cellular.ameritech.com
(cwgate2.cellular.ameritech.com [208.197.132.4]) by groupstudy.com
(8.9.3/8.9.3) with ESMTP id LAA19471 GroupStudy Mailer; Wed, 1 Aug 2001
11:27:00 -0400
Received: from cwmail2.cellular.ameritech.com
(delicious.cellular.ameritech.com [172.16.29.10]) by
cwgate2.cellular.ameritech.com (8.10.1/8.10.1) with ESMTP id f71FB6v00319
for <ccielab@groupstudy.com>; Wed, 1 Aug 2001 10:11:06 -0500 (CDT)
Received: from a219hof.cellular.ameritech.com
(a219hof.cellular.ameritech.com [199.176.112.109]) by
cwmail2.cellular.ameritech.com (8.10.1/8.10.1) with ESMTP id f71FB5r26196
for <ccielab@groupstudy.com>; Wed, 1 Aug 2001 10:11:05 -0500 (CDT)
Received: by a219hof.cellular.ameritech.com with Internet Mail Service
(5.5.2653.19) id <QADXXVCA>; Wed, 1 Aug 2001 10:11:06 -0500
>From nobody@groupstudy.com Wed, 01 Aug 2001 08:22:49 -0700
Message-ID: <4D7295FF96BCD4118CB300508BF97DBA0D6EDA@a218hof.cellular.ame
ritech.com>
X-Mailer: Internet Mail Service (5.5.2653.19)
Sender: nobody@groupstudy.com
Precedence: bulk
I need some direction concerning IPsec. In my reading of the documentation,
it mentioned that we should not use IPsec for multicast traffic.. Since
most routing protocols use multicast r broadcast by default then how does
one ensure that the IP nets one is using for one's traffic is reachable by
each IP sec peer. For example:
10.10.1.1 --------Internet--- 10.20.1.1
My questions are:
1) Should one use NAT here so the addresses are reachable?
or should one set up a GRE tunnel with some of of dynamic routing protocol
so the subnets are reachable or static routes.
I sense is the GRE tunnel is simpler to do. Any thoughts?
Mark Salmon
Sr. WAN Engineer Great Lakes Region
Cingular Wireless
2000 Ameritech Center Drive 3F07B
Hoffman Estates IL 60195
Voice: (847)765-3999
Pager: (847)992-0458
Email: mark.salmon@cingular.com
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:43 GMT-3