[c-nsp] PIX VPN Mesh w/ OSPF

Joe Maimon jmaimon at ttec.com
Sat Jan 15 19:16:38 EST 2005 

At this rate drop pix and go straight to the 831. Will do very nice 
ipsec and routing, thank you very much. It even supports CBAC/IOS FW.

As a nice plus side, using DMVPN, you can hand these out to the bosses 
with their broadband internet connections and hook them up that way.


su1droot wrote:

>You will have to watch out the PIX will not route traffic between VPN
>tunnels in the current 6.x release.  I've seen note that this feature
>will be in the upcoming 7.0 release, but i don't hold my breath.
>
>Also to support a routing protocol across the the tunnels (since IPSec
>doesn't support multicast or broadcast)  you should run GRE across the
>IPSec tunnels.  We are doing a similar setup at a customer who is
>doing IPSec PIX to PIX and GRE from and internal router over the IPSec
>to an internal route at the remote end.  You will have to play with ip
>mtu and mss values on the GRE tunnel tho.
>
>On Tue, 11 Jan 2005 09:55:49 -0800, Dave Breiland
><superdave at dynamicis.com> wrote:
>  
>
>>I want to make sure I'm on the right track and haven't set myself up for
>>failure...
>>I have 4 offices around the US.  Each site has a different ISP...
>>connected with a T1.  My plan was to have a PIX-515 at each site.  I
>>would use the PIX's to create VPNs between each and every site.  My
>>guess is that there will be times that the ISPs will have routing issues
>>between each other.  To get around this, I would think that...
>>-Route between Site A and Site B fails
>>-Site B re-routes data to Site C which still has VPN to Site A.
>>Presumably this would require EIGRP or OSPF.  Unfortunately it looks
>>like the PIX only supports OSPF.
>>Is this the right direction/steps I should be taking?
>>Am I just over complicating things?
>>Has anyone had success with OSPF and the PIXs?
>>
>>Thanks for any input.
>>
>>Dave
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>    
>>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>
>
>  
>

More information about the cisco-nsp mailing list