How to configure VPN - IPSEC or GRE?

Discussion in 'Cisco' started by Jim, Dec 3, 2004.

  1. Jim

    Jim Guest

    I'm trying to figure out how to configure 2 routers at seperate locations to
    route traffic for particular interfaces over some sort of tunnel.

    Router A has the private address 10.0.0.1 on Eth0
    Router B has the provate address 192.168.0.1 on Eth0

    Both routers have numerous other networks connected on other
    interfaces, and also have multiple outbound interfaces.

    I looked at an IPSEC VPN but that seems to be configured on the outbound
    interface, but I have multiple outbound interfaces. Also
    IPSec uses access lists to match the incoming IP's. Its possible that in
    the future one of the routers may require another Eth interface
    using the same range of private IP's that have already been used for another
    network.

    I have started to look at GRE, is this the right solution? I just want to
    say anything that comes into Router A eth0 should be send out
    Router B eth0 and vice versa. No internet traffic should be able to get to
    either private network, and the private networks should not be
    able to connect to anything else other than each other - kind of like a VLAN
    between interfaces where it doesnt matter what IP's are
    used.

    Any pointers in the right direction would be appreciated.

    Thanks.

    Jim.
    Jim, Dec 3, 2004
    #1
    1. Advertising

  2. Jim

    Erik Freitag Guest

    On Fri, 03 Dec 2004 13:36:48 +0000, Jim wrote:

    > I'm trying to figure out how to configure 2 routers at seperate locations to
    > route traffic for particular interfaces over some sort of tunnel.
    >
    > Router A has the private address 10.0.0.1 on Eth0
    > Router B has the provate address 192.168.0.1 on Eth0
    >
    > Both routers have numerous other networks connected on other
    > interfaces, and also have multiple outbound interfaces.
    >
    > I looked at an IPSEC VPN but that seems to be configured on the outbound
    > interface, but I have multiple outbound interfaces. Also
    > IPSec uses access lists to match the incoming IP's. Its possible that in
    > the future one of the routers may require another Eth interface
    > using the same range of private IP's that have already been used for another
    > network.
    >
    > I have started to look at GRE, is this the right solution? I just want to
    > say anything that comes into Router A eth0 should be send out
    > Router B eth0 and vice versa. No internet traffic should be able to get to
    > either private network, and the private networks should not be
    > able to connect to anything else other than each other - kind of like a VLAN
    > between interfaces where it doesnt matter what IP's are
    > used.


    If I understand this correctly, you're trying to set up a virtual
    point-to-point interface between two routers that are not directly
    connected. If that's correct, and you trust the network that connects the
    routers (including any intermediate routers), I would say GRE is what
    you're looking for. If you don't trust the intermediate network (if it
    goes through a third party like an ISP for instance), then I think GRE
    over IPSEC may be what you want.
    Erik Freitag, Dec 4, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ali
    Replies:
    2
    Views:
    976
    chris
    Nov 5, 2003
  2. John Ireland
    Replies:
    1
    Views:
    1,021
    Claude LeFort
    Nov 11, 2003
  3. R Siffredi

    IPSEC/GRE VPN nested

    R Siffredi, May 12, 2004, in forum: Cisco
    Replies:
    0
    Views:
    565
    R Siffredi
    May 12, 2004
  4. Dimitri Petrovich

    GRE traffic over PIX IPSEC VPN

    Dimitri Petrovich, Jun 6, 2005, in forum: Cisco
    Replies:
    1
    Views:
    1,627
    Walter Roberson
    Jun 6, 2005
  5. Daniel
    Replies:
    8
    Views:
    21,705
Loading...

Share This Page