08-30-2010 11:49 AM - edited 03-06-2019 12:43 PM
Hi,
I have 100 remote sites connected to the main office via IPSEC VPN tunnels and I am using OSPF as the routing protocol at the main office. How will I be able to see those remote networks on the main office network? Any thoughts on how to do that?
Thanks.
08-30-2010 01:21 PM
Hi,
IPsec VPNs only pass IP unicast traffic (meaning regular OSPF won't work through the tunnel).
But, you can make OSPF work through the tunnel if using unicast OSPF (defining the neighbors manually).
If all sites are routers you can use IPsec/GRE or better DMVPN.
If there are ASAs, you're stuck with unicast OSPF.
Federico.
08-30-2010 01:46 PM
Hi Federico,
I am replacing a Nortel box with a Cisco 3945. The problem is I have a lot of remote sites and I have to stick to IPSEC tunnels. Question to you: after the tunnels are built up, do I see all the remote networks in my routing table?
Thanks.
08-30-2010 02:20 PM
You say:
Question to you: after the tunnels are built up, do I see all the remote networks in my routing table?
If you have plain IPsec, the only way to see OSPF routes of the remote sites through the tunnel is by configuring OSPF to work as unicast.
Here's an example of how to pass OSPF through plain IPsec (but it is with ASAs):
Federico.