I have several IPsec vpn tunnels to the main site.  The remote locations are using 871 routers and the main site is using an ASA 5510.  I am using the tunnels for both voice and data.  I would like to implement Rip or some type of dynamic routing between them.  but according to what I have found using IPsec it is not possible.

Is this true and if so what are my options. 

If you are looking for spoke-spoke connectivity DMVPN would be the best option where routing protocols can be employed for dynamic routing. However, DMVPN used when there are a quite a lot of sites requiring inter-site connectivity.

If you want dynamic routing to be used across sites your options are GRE tunnels and DMVPN. Else, if you have few sites that have to be connected, static routes can do the job for you.


Right now they have static routes, but a couple of days ago one site went down and it was a mission to change all the routes temporary and then put them back when the site came back.  so im looking for a permanent solution.

Hello Joli,

to support GRE over IPSec or DMVPN ( that is MGRE over IPSec) you would need an IOS router at central site instead of the ASA.

As far as I know ASA doesn't support GRE over IPSec.

With GRE or mGRE you can deploy a routing protocol.


DMVPN is to be preferred if the number of sites is high as it allows to make hub configuration indipendent of the number of spokes.

