Routing across IPSec tunnel posted 05/03/2001

Can anyone tell me how to enable routing across an IPSec tunnel?

The basic problem is that when an IPSec tunnel is created 
using the public IPs on both ends, a routing protocol, say, 
EIGRP, does not know how to route across that tunnel, since 
it does not see any interface associated with the remote 
private IP network (the IPSec SA has the info but EIGRP 
could not see it).  While one can ping the remote private 
address, there is no route showing up in the routing table.

One way to get around this is to create a GRE tunnel across 
the public IP, and assign the tunnel interface a private IP. 
In this case, the routing does go through.  This solution 
has its own problem, however, because the static GRE tunnel
will connect the remote private networks even when NO IPSec 
tunnel exists or after the SA expires and so no traffic will 
be encrypted.

Any ideas?  Thanks!!
