[c-nsp] PIX VPN Mesh w/ OSPF (10 messages in net.nether.puck.cisco-nsp)

Messages in this thread (From, Sent On):
- Dave Breiland, Jan 11, 2005 12:55 pm
- Jim McBurnett, Jan 11, 2005 1:29 pm
- Rodney Dunn, Jan 11, 2005 2:12 pm
- su1droot, Jan 15, 2005 2:21 pm
- Joe Maimon, Jan 15, 2005 7:17 pm
- Rodney Dunn, Jan 15, 2005 7:26 pm
- Dave Breiland, Jan 16, 2005 2:18 am
- Rodney Dunn, Jan 16, 2005 10:10 am
- su1droot, Jan 16, 2005 2:54 pm
- lis...@hojmark.org, Jan 16, 2005 5:17 pm
Subject: [c-nsp] PIX VPN Mesh w/ OSPF
From: Joe Maimon (jmai@ttec.com)
Date: Jan 15, 2005 7:17:48 pm
List: net.nether.puck.cisco-nsp

At this rate drop the PIX and go straight to the 831. Will do very nice IPsec and routing, thank you very much. It even supports CBAC/IOS FW.

As a nice plus side, using DMVPN, you can hand these out to the bosses with their broadband internet connections and hook them up that way.

su1droot wrote:

You will have to watch out: the PIX will not route traffic between VPN tunnels in the current 6.x release. I've seen a note that this feature will be in the upcoming 7.0 release, but I don't hold my breath.

Also, to support a routing protocol across the tunnels (since IPsec doesn't support multicast or broadcast) you should run GRE across the IPsec tunnels. We are doing a similar setup at a customer who is doing IPsec PIX to PIX and GRE from an internal router over the IPsec to an internal router at the remote end. You will have to play with ip mtu and mss values on the GRE tunnel though.

On Tue, 11 Jan 2005 09:55:49 -0800, Dave Breiland <supe@dynamicis.com> wrote:

I want to make sure I'm on the right track and haven't set myself up for failure... I have 4 offices around the US. Each site has a different ISP... connected with a T1. My plan was to have a PIX-515 at each site. I would use the PIXs to create VPNs between each and every site. My guess is that there will be times that the ISPs will have routing issues between each other. To get around this, I would think that...

- Route between Site A and Site B fails
- Site B re-routes data to Site C which still has VPN to Site A.

Presumably this would require EIGRP or OSPF. Unfortunately it looks like the PIX only supports OSPF. Is this the right direction/steps I should be taking? Am I just overcomplicating things? Has anyone had success with OSPF and the PIXs?

Thanks for any input.
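As an added example (not from this thread or any of its posters), here is a constructed Cisco IOS configuration for one end of a GRE-over-IPsec tunnel carrying OSPF, with the ip mtu / ip tcp adjust-mss tuning su1droot mentions and a GRE keepalive so the tunnel drops and OSPF reconverges via a third site when an ISP path fails. Hostnames, addresses, interface names and the pre-shared key are placeholders; the IPsec profile sits on the same router as the GRE tunnel (tunnel protection), whereas in the design discussed in the thread the IPsec side lives on the PIX and the router only terminates GRE.

```cisco
! Constructed example: Site A router, GRE over IPsec to Site B.
! Site B mirrors this with the addresses swapped. In a 4-site mesh
! each router carries three such Tunnel interfaces, one per peer.
hostname SiteA-RTR
!
! Phase 1 (IKE). Keyword availability depends on IOS version:
! older images only offer "hash sha" and groups 1/2/5.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key REPLACE-WITH-STRONG-PSK address 198.51.100.2
!
! Phase 2. Transport mode is enough because GRE already adds an
! outer IP header; it saves 20 bytes of overhead per packet.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha256-hmac
 mode transport
crypto ipsec profile GRE-PROT
 set transform-set GRE-TS
!
interface GigabitEthernet0/0
 description ISP-facing (placeholder address)
 ip address 198.51.100.1 255.255.255.252
!
interface GigabitEthernet0/1
 description Site A LAN
 ip address 10.1.0.1 255.255.255.0
!
interface Tunnel0
 description GRE over IPsec to Site B
 ip address 10.255.0.1 255.255.255.252
 ! GRE (24 B) + ESP transport overhead must fit in the 1500 B WAN MTU;
 ! 1400/1360 leaves headroom and avoids fragmenting every TCP segment.
 ip mtu 1400
 ip tcp adjust-mss 1360
 ! OSPF hellos (multicast) ride inside GRE, which IPsec alone cannot carry.
 ip ospf network point-to-point
 ip ospf cost 10
 ! Drop line protocol after 3 missed keepalives (30 s) so OSPF
 ! withdraws the route and traffic fails over via another site.
 keepalive 10 3
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.2
 tunnel mode gre ip
 tunnel protection ipsec profile GRE-PROT
!
router ospf 1
 router-id 10.255.255.1
 ! Never form adjacencies or leak LSAs toward the ISP.
 passive-interface GigabitEthernet0/0
 network 10.1.0.0 0.0.0.255 area 0
 network 10.255.0.0 0.0.0.3 area 0
```

If the IPsec termination stays on a PIX in front of the router, as in the setup described above, the crypto lines move to the PIX and its crypto ACL must match GRE (IP protocol 47) between the two tunnel source/destination addresses; the Tunnel0 and OSPF sections are unchanged. Verify with `show crypto ipsec sa` (packets encrypt/decrypt counters climbing), `show ip ospf neighbor` (FULL over Tunnel0), and `ping` with `df-bit size 1400` across the tunnel to confirm the MTU setting does not fragment.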