All -
Scenario:
We have two OpenBSD firewalls/VPN gateways working in failover mode using pf,
pfsync, carp and sasync.
The firewalls, on their inside network, are connected to a Cisco router which is
connected back to the main corp network using a P2P serial connection (two
bonded T1s).
The corp side of the router is also another Cisco device.
We have OSPF running on the corp network and the remote network.
Presently the corp network is connected to a 2MB/s DSL, which is also another
Cisco box, and the OpenBSD firewalls are connected to a 10MB/s ethernet connection,
so we want to switch the default route to the OpenBSD firewalls.
We want to:
1. connect the Cisco DSL router to the OpenBSD firewalls using L2L IPsec for
redundant connectivity.
2. monitor the serial interface on the Cisco, for which we can use HSRP, VRRP or
OSPF with metrics.
I would like to connect the Cisco DSL router to the OpenBSD firewall using an L2L
IPsec tunnel. This would help if we lose the serial connection: then we can route
all traffic going to the remote network over the IPsec tunnel.
Question:
1. How do I specify a route to the corp network through the IPsec tunnel and
distribute it into the OSPF cloud on OpenBSD? If I can, then we can use the route
metric to make sure that the IPsec tunnel fails over in case we lose serial
connectivity to the remote network.
Hope this makes sense.
Thanks for all your responses!
Prabhu
-
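One way to get a routable, OSPF-redistributable path over IPsec on OpenBSD, given as an added example and not part of the original post or any reply to it: run a gif(4) point-to-point tunnel between the firewalls' shared outside carp address and the DSL router, protect the tunnel's IP-in-IP packets with transport-mode ESP from ipsec.conf(5), add a static route to the corp network over the tunnel with a route label, and let ospfd(8) redistribute only that labelled route as an AS-external route. Every address, prefix, interface name, label and router-id below is an assumption chosen for the example; the matching ipip tunnel and transport-mode IPsec configuration on the Cisco side is assumed to exist and is not shown.

```conf
# /etc/hostname.gif0
# Assumed addresses: 198.51.100.10 is the firewalls' shared outside carp
# address (so the tunnel survives carp failover, with sasync carrying the SAs),
# 203.0.113.20 is the Cisco DSL router's outside address, and 10.255.0.0/30 is
# a private point-to-point subnet that exists only inside the tunnel.
tunnel 198.51.100.10 203.0.113.20
inet 10.255.0.1 255.255.255.252 10.255.0.2
up
# Static backup route to the corp network (assumed 172.16.0.0/16) via the far
# end of the tunnel, tagged with a route label so ospfd can select exactly
# this route for redistribution and nothing else from the static table.
!route add -label ipsec-backup 172.16.0.0/16 10.255.0.2

# /etc/ipsec.conf
# Transport-mode ESP between the two tunnel endpoints, restricted to the
# IP-in-IP packets (IP protocol 4) that gif(4) emits. The PSK is a placeholder;
# X.509 certificates are the better choice for a permanent site-to-site link.
ike esp transport proto 4 from 198.51.100.10 to 203.0.113.20 \
        psk "replace-with-a-long-random-secret"

# /etc/ospfd.conf
# router-id and the inside interface name are assumptions.
router-id 10.0.0.1
# Redistribute only the labelled static route, as a type 2 external route.
# OSPF route preference is intra-area, then inter-area, then external, so
# while the corp prefixes are still learned through the Cisco over the serial
# link this route is never installed; once the adjacency over the serial link
# drops and those LSAs are withdrawn, the external route is all that remains
# and traffic to corp moves onto the tunnel. The metric only matters relative
# to other external routes for the same prefix.
redistribute rtlabel ipsec-backup set { metric 1000 type 2 }
area 0.0.0.0 {
        interface em1   # inside network, shared with the Cisco serial router
}
```

Two things still have to be true for this to carry traffic: pf must pass IKE (udp/500), ESP and the IP-in-IP protocol between the two endpoints on the outside interface, and must pass the corp-bound traffic on gif0; and the route label must be set on the route before ospfd starts (or ospfd restarted after it), since ospfd only redistributes kernel routes carrying that label. Failback is automatic: when the serial adjacency returns, the intra-area or inter-area route to corp is preferred again and the external route drops out of the table.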