05-19-2009 08:32 PM - edited 03-04-2019 04:48 AM
I've been reading this configuration example to help set up OSPF over a VPN.
The difference, in my case, is that the second VPN peer is a Cisco 861 IOS based router. Can IOS do OSPF over the site-to-site VPN, or is a GRE tunnel needed? Where can I find reference material to help me set this up?
Thanks in advance.
05-20-2009 06:13 AM
Hi,
IOS doesn't support this configuration. You need to go with a GRE tunnel.
HTH
Laurent.
05-21-2009 07:50 PM
Hi,
If the router supports, you may want to consier Virtual Tunnel Interfaces in native ipsec ipv4 mode.
http://www.cisco.com/en/US/docs/ios/12_3t/12_3t14/feature/guide/gtIPSctm.html
HTH
Rakesh
06-04-2009 11:14 AM
What is the downside of SVTI (static virtual tunnel interface) compared to GRE?
06-04-2009 02:04 PM
Hi,
You can use static VTIs with or with out GRE. The difference is with the way router builds the IPSEC SA proxies. If you use the default gre mode, the traffic hitting the tunnel interface is GRE encapsulated using tunnel source and destination ips and then the IPSEC SAs is built using same source and destination ips. This means that tunnel source and destination IPs must be reachable. This is pretty much the only downside I can think of. In a traditional GRE over IPSEC set up you don't have this requirement (you use IPSEC to provide tunnel end point reach ability).
So, if you want encrypt multicast with out GRE encapulation you can use VTI in tunnel mode (tunnel mode ipsec ipv4). In this case the router builds IPSEC SAs for all source and destination (0.0.0.0/0.0.0.0) using tunnel source and destination ip.
HTH,
Rakesh
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide