11-17-2000 06:40 AM - edited 02-21-2020 11:14 AM
Hi,
I am going to implement IPsec between 2 Cisco routers. I'll use IPsec ESP with tunnel, and I want to run OSPF between the 2 routers over the IPsec tunnel.
One of my colleagues told me that this is possible, the IPsec tunnel doesn't support dynamic routing protocols, he told me that I have to use static routing, is that right?
Thanks for your help,
Sebastien
11-18-2000 03:47 AM
The question was:
When running IPSec in tunnel mode, are dynamic routing protocols supported across the 'tunnelled' link?
Answer:
Most routing protocols require multicast/broadcast for routing updates, and since IPsec can only encrypt unicast traffic, this typically will not work. The workaround is to run GRE tunnels over transport mode IPsec and run the routing protocol on the tunnel interfaces.
11-23-2000 02:12 AM
You won't have to use static routes; you can create a GRE tunnel between the two routers and then run a dynamic protocol down that as well as your IPSec. I have done this, it works fine for IP & IPX too.
12-09-2000 11:10 AM
Looks like you've got your answer already, so this is mostly extraneous. The question that I had was why you were doing this? If it's just routing authentication you're trying to do, remember that OSPF does do peer router authentication using the keyed MD5 one-way hash.
(You said ESP and tunnel, but never mentioned any cryptography, which is why I had the question)
-Rakesh
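The GRE-over-transport-mode-IPsec workaround and the OSPF MD5 peer authentication mentioned in the replies above, as an added configuration sketch for one of the two routers (not posted by anyone in this thread). The addresses, interface names, map and transform-set names, and key placeholders are all constructed assumptions, and the AES/SHA-256 options assume a recent IOS release.

```cisco
! Constructed example for router A: WAN 192.0.2.1, peer 192.0.2.2 (assumed values).
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.2
!
! Transport mode: GRE already supplies the outer IP header, so ESP only
! needs to protect the GRE payload between the two endpoints.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
!
! Select only GRE between the two tunnel endpoints (unicast) for encryption.
! OSPF multicast hellos travel inside GRE, so they are covered by this ACL.
access-list 110 permit gre host 192.0.2.1 host 192.0.2.2
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set GRE-TS
 match address 110
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 ! Leave room for GRE + ESP overhead so OSPF and user packets are not fragmented.
 ip mtu 1400
 ! Keyed MD5 authentication of the OSPF neighbor on the tunnel.
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 <OSPF-KEY>
 tunnel source Serial0/0
 tunnel destination 192.0.2.2
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map GRE-MAP
!
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
!
router ospf 1
 passive-interface FastEthernet0/0
 ! Advertise the tunnel and LAN subnets only. The WAN subnet stays out of
 ! OSPF so the tunnel destination is never learned through the tunnel itself.
 network 10.255.0.0 0.0.0.3 area 0
 network 10.1.1.0 0.0.0.255 area 0
```

The peer router mirrors this with the addresses swapped. `show crypto ipsec sa` should show encrypt/decrypt counters rising and `show ip ospf neighbor` should list the peer as FULL across Tunnel0.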