VPN Site to site IPSEC
-
Wouldn't you create IPsec tunnels on all the routers going to all the other routers then run FFR to look after the routing ?
-
Because the routing table has no effect on IPsec so FRR won't do you any good there.
You want to do it in your Phase 2s.
If a network should be reachable from a site, there should be a Phase 2 for it.
For instance, For the tunnels from A to B:
On A:
Local Network: 10.1.0.0/16, Remote Network: 10.2.0.0/16
Local Network: 10.3.0.0/16, Remote Network: 10.2.0.0/16
Local Network: 10.4.0.0/16, Remote Network: 10.2.0.0/16On B:
Local Network: 10.2.0.0/16, Remote Network: 10.1.0.0/16
Local Network: 10.2.0.0/16, Remote Network: 10.3.0.0/16
Local Network: 10.2.0.0/16, Remote Network: 10.4.0.0/16Etc.
-
and if I only have an ipsec connection between headquarters A and D
but in the headquarters D I want to see the headquarters B
all other venues are configured and seen with WIMAX
how do I pass the routing table?attached network image
 -
and if I only have an ipsec connection between headquarters A and D
but in the headquarters D I want to see the headquarters B
all other venues are configured and seen with WIMAX
how do I pass the routing table?You put the local and remote networks on that tunnel.
On the tunnel between A and D you would make a P2 for D to B.
-
and if I only have an ipsec connection between headquarters A and D
but in the headquarters D I want to see the headquarters B
all other venues are configured and seen with WIMAX
how do I pass the routing table?You put the local and remote networks on that tunnel.
On the tunnel between A and D you would make a P2 for D to B.
I do not understand you
 -
If you are going to refer to sites as A, B, C, and D it would be helpful to have that information on your diagram.
-
hello, I modified the scheme
I have added the HEADQUARTERS E
This is really my topography
I currently have a vpn Ipsec between the HEADQUARTERS A and E
all other HEADQUARTERS , except E, are communicated by WIMAX
I want to pass the routing table to E headquarters, from the others HEADQUARTERS so I can see them all
 -
So you already have a Phase 2 entry on the VPN for this:
10.1.0.0/16 <-> 10.5.0.0/16
Make 3 more:
10.2.0.0/16 <-> 10.5.0.0/16
10.3.0.0/16 <-> 10.5.0.0/16
10.4.0.0/16 <-> 10.5.0.0/16Obviously with the reciprocal entries at Site E.
Add routes to sites B, C, and D those sites for 10.5.0.0/16 with a gateway of whatever they talk to at site A.
Make sure all necessary firewall rules pass the desired traffic.
-
and how do I do this without leaving the connection by wimax with the others HEADQUARTERS ?
-
What?
-
if I configure this in VPN tunnel,in both extremes
10.1.0.0/16 <-> 10.5.0.0/16
Make 3 more:
10.2.0.0/16 <-> 10.5.0.0/16
10.3.0.0/16 <-> 10.5.0.0/16
10.4.0.0/16 <-> 10.5.0.0/16I lose communication by wimax between headquarters
A-D
A-B
A-C
….....I do not know if I explain
-
No you don't.
10.2.0.0/16 <-> 10.5.0.0/16 is not the same thing as 10.2.0.0/16 <-> 10.1.0.0/16
