From: kevin gannon (kevin@gannons.net)
Date: Fri Dec 09 2005 - 09:37:34 GMT-3
Multicast+broadcast is not natively supported by
IPSec. You could do a GRE tunnel and they
run OSPF over that or you could use BGP.
Regards
Kevin
On 12/9/05, Tim <ccie2be@nyc.rr.com> wrote:
> Hi guys,
>
>
>
> Yesterday I was in a meeting with a couple engineers from MCI and a client.
>
>
>
> In this meeting the MCI engineers said that because they were using Lucent
> routers, they could not run OSPF through the VPN tunnels connecting the
> different sites.
>
>
>
> According to these MCI engineers the Lucent routers support OSPF and they
> support VPN but they don't support both running together.
>
>
>
> This didn't make any sense to me.
>
>
>
> How can that be?
>
>
>
> Once it's determined (by virtue of an acl) that a packet should be forwarded
> through the VPN tunnel, what difference does it make if the packet is an
> OSPF packet or something else?
>
>
>
> This was the issue this meeting was about.
>
>
>
> This client has remote sites throughout North American. Each site has 2 VPN
> tunnels - one going to a primary HQ site and a 2nd going to a backup HQ
> site.
>
>
>
> The 2 HQ sites are connected directed to each other through some high speed
> links.
>
>
>
> The objective is to have each remote site transmit traffic to the primary HQ
> site unless the link to that site is down in which case the remote should
> use the backup HQ site.
>
>
>
> Currently, the remote sites aren't running any dynamic routing protocols.
> They're using static routes.
>
>
>
> So, here's the question. Is it possible these MCI engineers are correct?
>
>
>
> TIA, Tim
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
This archive was generated by hypermail 2.1.4 : Mon Jan 09 2006 - 07:07:50 GMT-3