[c-nsp] PIX VPN Mesh w/ OSPF

Jim McBurnett jim at tgasolutions.com
Tue Jan 11 13:32:35 EST 2005


Dave,
Do you have an internal router at each site?
If you do use EIGRP on those routers and GRE tunnels.
The EIGRP will pass traffic over the GRE and the dynamically route the
data based on the VPN delay.
This will be totally independent of the ISP status...
I think I would use 2811 or 2801 VPN routers....
2801 would be cheaper than the PIX anyway.. And give you other
functions.....


Jim

-----Original Message-----
From: Dave Breiland [mailto:superdave at dynamicis.com] 
Sent: Tuesday, January 11, 2005 12:56 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] PIX VPN Mesh w/ OSPF

I want to make sure I'm on the right track and haven't set myself up for
failure...
I have 4 offices around the US.  Each site has a different ISP... 
connected with a T1.  My plan was to have a PIX-515 at each site.  I
would use the PIX's to create VPNs between each and every site.  My
guess is that there will be times that the ISPs will have routing issues
between each other.  To get around this, I would think that...
-Route between Site A and Site B fails
-Site B re-routes data to Site C which still has VPN to Site A.
Presumably this would require EIGRP or OSPF.  Unfortunately it looks
like the PIX only supports OSPF. 
Is this the right direction/steps I should be taking?
Am I just over complicating things?
Has anyone had success with OSPF and the PIXs?

Thanks for any input.

Dave
_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/




More information about the cisco-nsp mailing list