"Lars Christensen" <_maybe-for-you-to-know> wrote in message
news:Xns9567E47C1529Clarsperseusdkmaybefo@130.227. 3.84...
> Hi group...
>
> I've got a task of configuring a couple of Cisco 1711 with VPN-card
> built-in.
>
> The setup is as follows:
>
>
>  LAN  router    WAN    router  LAN
>      +------+         +------+
> -----| 1711 |---------| 1711 |-----
>      +------+         +------+
>
> The WAN-connection has to be encrypted by DES3 at least.
>
> That alone is a regular setup, described in the manuals.
>
> However, my tricky questions are:
>
> 1. Is it possible to make the connection from LAN to LAN totally
> transparent to the rest of the network, so that broadcasts, routing
> updates and so on can occur as if it was a regular ethernet cable.
IPsec will not natively forward any broadcasts or multicasts. However, if
you use GRE (then encrypt the GRE tunnel), you can do anything you could
normally do with a router interface. You could forward UDP broadcasts with
an ip helper and use multicast. I've not tried it, but I think you could do
an IP directed broadcast with IPsec.
>
> 2. Is it possible to make the tunnel capable of transporting a MTU of
> 1500.
No, not unless you are tunneling through something like Token Ring.
>
>
> The WAN link is made of an FWA (Fixed Wireless Access) radiolink with
> regular 10/100 Tx ethernet ports towards the routers.
>
> Hope to hear from you guys...
>
>
> - Cheers
>
> Lars Christensen
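The arithmetic behind the answer to question 2, as an added example that is not part of the original posts: it computes how large a packet becomes once it is wrapped in GRE and then encrypted with 3DES ESP, and the largest inner packet that still fits a 1500-byte Ethernet WAN link. The 96-bit HMAC integrity value, the basic 4-byte GRE header and the absence of IP options and NAT-T are assumptions, since the thread only specifies 3DES.

```python
# Added example: per-packet size of GRE-over-IPsec with 3DES on IPv4.
# Assumed (not stated in the thread): ESP with a 96-bit HMAC ICV, a basic
# 4-byte GRE header (no key/checksum/sequence), no IP options, no NAT-T.

IPV4_HDR = 20      # outer IPv4 header
GRE_HDR = 4        # basic GRE header
ESP_HDR = 8        # SPI + sequence number
DES3_IV = 8        # CBC initialisation vector, one 3DES block
DES3_BLOCK = 8     # 3DES block size; ESP pads the plaintext to a multiple
ESP_TRAILER = 2    # pad-length byte + next-header byte
ESP_ICV = 12       # truncated HMAC (96 bits), assumed


def esp_packet_size(inner_len, mode="transport"):
    """Size on the WAN of one inner IP packet of inner_len bytes."""
    if mode == "transport":
        # ESP protects the GRE header and the inner packet; the GRE
        # delivery IP header doubles as the outer header.
        protected = GRE_HDR + inner_len
    elif mode == "tunnel":
        # ESP protects the whole GRE packet, including its IP header,
        # and a second IP header is added in front.
        protected = IPV4_HDR + GRE_HDR + inner_len
    else:
        raise ValueError("mode must be 'transport' or 'tunnel'")
    # Plaintext plus the 2-byte trailer is padded up to the block size.
    blocks = -(-(protected + ESP_TRAILER) // DES3_BLOCK)
    return IPV4_HDR + ESP_HDR + DES3_IV + blocks * DES3_BLOCK + ESP_ICV


def max_inner_packet(link_mtu=1500, mode="transport"):
    """Largest inner IP packet that crosses the link unfragmented."""
    size = link_mtu
    while size > 0 and esp_packet_size(size, mode) > link_mtu:
        size -= 1
    return size


if __name__ == "__main__":
    for mode in ("transport", "tunnel"):
        print(mode,
              "1500-byte packet becomes", esp_packet_size(1500, mode),
              "bytes; largest that fits in 1500:", max_inner_packet(1500, mode))
```

Under these assumptions a full 1500-byte packet grows by 60 to 76 bytes, so it cannot cross a 1500-byte link in one piece.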