Re: Full mesh of GRE over IPSEC tunnels

divyapratap.singh · ‎09-10-2007

Dear All,

We have around 10 different locations and there is a full mesh connectivity between them, now I need to encrypt the traffic between these sites, now if i create a static tunnel between each locations then it will not be scalable so how can i achieve this, can i achive this by mGRE and DMVPN, but again this works fine in case of hub and spoke environment but in any to any kind of a scenario will it be useful.

Please help.

a.alekseev · ‎09-10-2007

http://www.cisco.com/go/srnd/

rcsmith · ‎09-19-2007

OSPF

interface Tunnel0

bandwidth 3938

ip address mask

ip mtu 1416

ip nhrp authentication

!one pair per remote router

ip nhrp map multicast

ip nhrp map

ip nhrp network-id

ip ospf network point-to-multipoint

ip ospf priority 0

ip ospf 1 area 0.0.0.0

delay 20

tunnel source Loopback10

tunnel mode gre multipoint

tunnel key

tunnel protection ipsec profile

router ospf 1

router-id

log-adjacency-changes

EIGRP

interface Tunnel0

bandwidth 128

ip address mask

ip mtu 1416

ip hello-interval eigrp 1 15

ip hold-time eigrp 1 45

ip nhrp authentication

!one pair per remote router

ip nhrp map multicast

ip nhrp map

ip nhrp network-id

tunnel source Loopback10

tunnel mode gre multipoint

tunnel key

tunnel protection ipsec profile

router eigrp 1

network

no auto-summary

Not sure I actually posted this yesterday?

But the EIGRP configuration has been used for over three years and works well, note the EIGRP timers pushed out to what you see, it was because the defaults are too sensitive.

The OSPF is proving somewhat irksome; there are lots of OSPF adj changes in the logs, even with the timers adjusted.