[FW-1] VPN with OSPF
YES, YES. IPSec, by the IETF, will not carry multicasts and broadcasts. That is why routing protocols MUST be ENCAPSULATED in a GRE header BEFORE encapsulating again in ESP and encrypting. THE GRE header converts the multi/broad into a unicast. The overhead is not TOO bad (51-58 for ESP and 40? for the GRE header).

The question is: can a Nokia appliance support GRE (virtual) interfaces? I do not know, myself. The Cisco handles this with an interface tunnel (this is a "virtual" interface inside of the same IPSec router).

Cisco has this solution. It works. Disregard the IPX (IPX must also be GRE tunneled; IPSec = IP traffic ONLY!)

http://www.cisco.com/warp/public/707/ipsec_gre.shtml

DO NOT use 12.0 mid-range code. Also, TURN OFF route-caching (no ip route-cache). Many IOS defects are tied to this.

Eric

> Is anyone running site to site IPsec VPNs and using OSPF?
> If so did you have to implement GRE?
>
> Thanks
>
> AC
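The mechanism described in the reply above, as an added Python example that is not part of the original post: an OSPF hello addressed to the 224.0.0.5 multicast group falls outside a unicast IPsec selector, while the same packet wrapped in GRE carries a unicast outer header that a GRE-only selector matches. All addresses, the selectors and the dummy OSPF payload are constructed, and `selector_matches` is a simplified stand-in for a crypto ACL, not any vendor's implementation.

```python
import ipaddress
import struct

OSPF_PROTO, GRE_PROTO = 89, 47
ALL_SPF_ROUTERS = "224.0.0.5"  # multicast group OSPF hellos are sent to

def ipv4_header(src, dst, proto, payload_len, ttl=255):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def ospf_hello(src):
    """Constructed stand-in for an OSPF hello: real addressing, dummy payload."""
    payload = b"\x02\x01" + bytes(42)  # version 2, type 1 (hello), zero padding
    return ipv4_header(src, ALL_SPF_ROUTERS, OSPF_PROTO, len(payload), ttl=1) + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Prepend a basic 4-byte GRE header and a unicast outer IPv4 header."""
    gre = struct.pack("!HH", 0x0000, 0x0800)  # no optional fields, payload = IPv4
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre) + len(inner)) + gre + inner

def gre_decapsulate(packet):
    """Return the inner packet; only the basic GRE form built above is handled."""
    ihl = (packet[0] & 0x0F) * 4
    flags, ptype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if packet[9] != GRE_PROTO or flags != 0 or ptype != 0x0800:
        raise ValueError("not a basic GRE/IPv4 packet")
    return packet[ihl + 4:]

def addresses(packet):
    """(source, destination, protocol) from an IPv4 header."""
    return (ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]), packet[9])

def selector_matches(packet, selector):
    """selector = (src_net, dst_net, proto or None), a simplified crypto ACL entry."""
    src, dst, proto = addresses(packet)
    src_net, dst_net, want = selector
    return (src in ipaddress.ip_network(src_net) and dst in ipaddress.ip_network(dst_net)
            and want in (None, proto))

# Constructed site-to-site policy: LAN-to-LAN selector vs. a GRE-only selector.
LAN_SELECTOR = ("10.1.0.0/16", "10.2.0.0/16", None)
GRE_SELECTOR = ("192.0.2.1/32", "198.51.100.1/32", GRE_PROTO)

if __name__ == "__main__":
    hello = ospf_hello("10.1.0.1")
    tunneled = gre_encapsulate(hello, "192.0.2.1", "198.51.100.1")
    print("hello matches LAN selector:", selector_matches(hello, LAN_SELECTOR))
    print("GRE packet matches GRE selector:", selector_matches(tunneled, GRE_SELECTOR))
```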