[c-nsp] site-to-site vpn, ipsec-gre, 2811/HSEC
ChrisSerafin
chris at chrisserafin.com
Wed Jan 7 00:25:19 EST 2009
I can understand the dynamic routing but why should remote spoke sites
need this unless they have multiple egress points? I would use a
floating static at the remotes if needed and peer your HQ hub VPN router
with dynamic routing....have the HQ router redistribute statics via
dynamic routing...? That's what I do....just a thought.
--Chris
Brad Hedlund wrote:
> On 1/6/09 10:06 PM, "ChrisSerafin" <chris at chrisserafin.com> wrote:
>
>
>> Unless you need this for legacy IPX or some layer 2 stuff going across
>> the VPN, why not use the 'good ole, plain ole' IPSEC VPN?
>>
>
> Plain IPSEC VPN does not work well for dynamic routing and any-to-any VPNs.
> If dynamic routing is required you can go tunnel-less with GET VPN. However
> if routing private IP addresses across a public cloud is required you cannot
> escape the tunnel.
>
> Cheers,
>
> Brad Hedlund
> bhedlund at cisco.com
> http://www.internetworkexpert.org