01-10-2008 08:05 AM - edited 03-03-2019 08:13 PM
Hi Everyone,
I want to have two sites connected by an IPsec VPN tunnel. At site1, I am using a 10.1.0.0 subnet, and at site2, I am using a 10.2.0.0 subnet. We use static routes (management chosen), so I wanted to ask if I needed to make a network statement for site1 to know how to reach site2 for traffic destined for 10.2.0.0?
Thank you for your help.
01-10-2008 08:24 AM
Network statement as of 'dynamic routing protocol' instead of 'static routes'.
You can't do this with IPSec alone; you need to build a GRE tunnel so non-IP packets can be sent over this connection. As you know, 'dynamic routing protocols' do not use IP, they use their own protocol, hence the need for GRE.
HTH,
__
Edison.
01-10-2008 02:24 PM
Hi, as mentioned in the first post, you will have to use GRE tunneling to pass routing multicast traffic. Cisco has NHRP (next hop routing protocol), which you can configure on your tunnel to direct traffic to the 10.2.0.0 subnet. You can optionally use a tunnel key for more control over which traffic is sent to that subnet. I will post a sample config of a tunnel configuration below. As always, you will want to make sure any changes won't adversely affect your network. HTH
ip nhrp map: 2.222 = tunnel address, 10.10 = loopback address

site 1
interface tunnel0
 ip address 2.222.220.12 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.221.11 10.10.22.21
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1

site 2
interface tunnel0
 ip address 2.222.221.11 255.255.255.0
 no ip redirects
 ip nhrp map 2.222.220.12 10.10.22.22
 ip nhrp network-id 10
 tunnel source loopback0
 tunnel mode gre multipoint
 tunnel key 1
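
Added example, not part of the original posts: a Python cross-check of the two tunnel stanzas above, run before the configuration is applied. It assumes both tunnel addresses are meant to sit in one tunnel subnet and that the GRE tunnel key must match at both ends; the function names `parse_tunnel` and `cross_check` are hypothetical.

```python
import ipaddress

# Constructed input: the relevant lines of the two tunnel stanzas posted above.
SITE1 = """interface tunnel0
 ip address 2.222.220.12 255.255.255.0
 ip nhrp map 2.222.221.11 10.10.22.21
 tunnel key 1
"""
SITE2 = """interface tunnel0
 ip address 2.222.221.11 255.255.255.0
 ip nhrp map 2.222.220.12 10.10.22.22
 tunnel key 1
"""

def parse_tunnel(text):
    """Extract tunnel address, NHRP maps and GRE key from one stanza."""
    cfg = {"iface": None, "maps": {}, "key": None}
    for line in text.splitlines():
        w = line.split()
        if w[:2] == ["ip", "address"] and len(w) == 4:
            cfg["iface"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:3] == ["ip", "nhrp", "map"] and len(w) == 5:
            # Map key is the peer tunnel address, value is its NBMA address.
            cfg["maps"][ipaddress.ip_address(w[3])] = ipaddress.ip_address(w[4])
        elif w[:2] == ["tunnel", "key"] and len(w) == 3:
            cfg["key"] = w[2]
    return cfg

def cross_check(site1, site2):
    """Return a list of mismatches between the two tunnel ends."""
    findings = []
    for name, local, peer in (("site1", site1, site2), ("site2", site2, site1)):
        peer_ip = peer["iface"].ip
        if peer_ip not in local["maps"]:
            findings.append(f"{name}: no 'ip nhrp map' entry for peer {peer_ip}")
        # Assumption: both ends are meant to share one tunnel subnet.
        if peer_ip not in local["iface"].network:
            findings.append(f"{name}: peer {peer_ip} is outside {local['iface'].network}")
    if site1["key"] != site2["key"]:
        findings.append("tunnel key differs between the two ends")
    return findings

if __name__ == "__main__":
    for finding in cross_check(parse_tunnel(SITE1), parse_tunnel(SITE2)):
        print(finding)
```

Under the shared-subnet assumption, the addresses as posted produce one finding per site, because 2.222.220.12 and 2.222.221.11 fall in different /24 networks.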