Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
805
Views
5
Helpful
3
Replies

VPN Site to Site

Melvinb1981
Level 1
Level 1

‎01-16-2020 02:06 AM - edited ‎02-21-2020 09:50 PM

Good Day,

 

To make use of a Site to Site connection between HQ and a Branch office am i correct in saying if i use ospf as the routing protocol to advertise routes between the two i need to use GRE over IPSEC as it supports Multicast. If i just use IPSEC it will not advertise routes between the routers ?

 

Regards

Melvin

Labels:
0 Helpful
3 Replies 3

Rob Ingram
VIP
VIP

‎01-16-2020 02:24 AM

Hi,

Yes, use a route based VPN (VTI or GRE/IPSec), assuming it just between 2 sites (HQ and Branch) then use a FlexVPN sVTI (Static Virtual Tunnel Interface) and redistribute the routes via a dynamic routing protocol. Example here.

 

If it's between HQ and multiple Branch sites then you a Dynamic VTI on the HQ router with a sVTI on the branch sites. Example here.

 

HTH

Melvinb1981
Level 1
Level 1
In response to Rob Ingram

‎01-16-2020 08:45 PM

Thanks for the reply. I would not be able to use vti unless both routers are Cisco correct?

 

Regards

0 Helpful

Rob Ingram
VIP
VIP
In response to Melvinb1981

‎01-17-2020 01:00 AM

A VTI is a route based VPN, the majority of other vendors support route based VPNs. So you should be fine to establish a tunnel between a cisco router and another vendor.

HTH
0 Helpful
Customers Also Viewed These Support Documents