Routing across IPSec tunnel posted 05/03/2001
- Subject: Routing across IPSec tunnel
- From: Walter Chen <wchen@xxxxxxxxx>
- Date: Thu, 3 May 2001 11:09:18 -0400
Anyone can tell how to enable routing across IPSec tunnel?
The basic problem is that when an IPSec tunnel is created
using the public IPs on both ends, a routing protocol, say,
EIGRP, does not know how to route across that tunnel, since
it does not see any interface associated with the remote
private ip network (the IPSec SA has the info but EIGRP
could not see it). While one can ping the remote private
address, there is no route showing up in the routing table.
One way to get around this is to create a GRE tunnel across
the public IP, and assign the tunnel interface a private IP.
In this case, the routing does go through. This solution
has its own problem, however, because the static GRE tunnel
will connect the remote private networks even when NO IPSec
tunnel exists or after the SA expires and so no traffic will
Any ideas? Thanks!!
To unsubscribe from the CCIELAB list, send a message to
majordomo@xxxxxxxxxxxxxx with the body containing: