Hi all
We have an MPLS network from the ISP, wires only, so we manage the routers etc. It uses BGP.
However, we need the traffic encrypted between all the sites and our HQ. We have a primary and backup router at HQ.
The engineer has configured GRE tunnels to the HQ primary router only, as the backup router tunnel IP will only be seen in BGP if the primary goes down.
My question is, I gather from the HQ end we would have to configure a tunnel to each remote site on both the primary and backup routers?
And is this a good method to achieve this?
I noticed he also used crypto maps rather than VTI tunnels, but only matched the GRE tunnel source and endpoints. Is this OK?