Minor problem. Most routing protocols, via IPSec, have to run over a GRE
tunnel. Configuring this on the spokes is easy. Configuring this on the Hub
is a little more difficult, since you don't know the destination IP address.
Although, you might be able to configure NHRP in order to overcome this.
This would require a lot of lab-time to confirm functionality.
Another option is to configure the Spokes with NAT/PAT over the IPSec
tunnel. Then the Sites connecting to the Core, are acting as clients rather
then sites. Minor issue, you can no longer push out updates to systems at
the remote sites. You'll need to configure systems at the remote sites to
pull changes from the central site.
David C Prall [EMAIL PROTECTED] http://dcp.dcptech.com
----- Original Message -----
From: "mindiani mindiani"
To:
Sent: Monday, August 06, 2001 8:30 PM
Subject: a question for VPN Design experts [7:15061]
> I have a network that I am implementing using ipsec 3DES over
> the internet by ADSL using cisco routers. There is 700 remote sites
> connecting by vpn to the main site to a cisco 7140 router.
> the remotes sites are negotiating the IP address from the ISP.
> I am wondering if activating a routing protocol on the routers would be a
> good idea.
>
> Please suggest what would be a good solution
>
> _________________________________________________________________
> Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15065&t=15061
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
