From: Luan Nguyen (lm_nguyen@xxxxxxxxxxx)
Date: Mon Jul 01 2002 - 11:12:44 GMT-3
Hey Pete,
You have to look at whether people use OSPF inside the GRE tunnel or just
use OSPF on the backend. Usually with pure IPSEC you can only use
access-list for *routing* with Cisco. Lucent implementation let you use
static route I believe. To do routing over the tunnel, you would need GRE
then you can do eigrp/ospf inside the tunnel so that when you have a hug hub
backend, you can redistribute spokes'subnets.
With new IOS feature (12.2.8T and 12.1.9E for 7206VXR) you have the thing
called reverse route injection where you can redistribute spokes'subnets
back to the hub backend with just pure IPSEC.
Hope that help.
wr/lmn
From: "peter brown" <pita40@hotmail.com>
Reply-To: "peter brown" <pita40@hotmail.com>
To: ccielab@groupstudy.com
Subject: OSPF and IPSEC VPN
Date: Mon, 01 Jul 2002 13:24:10 +0000
Hello,
Please can somebody explain to me when it is necessary to use GRE tunnel for
IPSEC when using OSPF. I have seen examples where they used OSPF without GRE
tunnel and also seen were they used OSPF with GRE tunnel. Which is correct.
I have read that OSPF is not supported natively of IPSEC? Does this mean you
have to use GRE all the time you have OSPF?
Please help.
Peter
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:16 GMT-3