Menu
▾
▴
Re: [Openvpn-users] Encrypted / Unecrypted Tunnel
|
From: Les M. <les...@gm...> - 2010-03-08 21:16:27
|
On 3/8/2010 2:21 PM, French, Daren wrote:
> The idea is that one tunnel would run over a private link and the other
> would go over the Internet.
>
> If anyone has does this type of deployment before 2005 we would like to
> speak with you.
I once had several sites configured with computer<->computer VPN's that
only carried Cisco GRE tunnel packets over the internet. The Cisco
routers at the locations also had private circuits, mostly frame relay
that acted as the preferred route, but they used eigrp across the direct
and gre interfaces to fail over as needed. The routes for the VPN were
static and simple since it just nailed up the cisco<->cisco connections
and all of the failover and the cisco routing protocols did all the work
over what it saw as two interfaces. In some cases there were two Ciscos
at a site with HSRP failover between them. Some multicast data ran over
these connections so it was easier to let the Ciscos handle the routing
even though the backup was often over a cheap DSL with dynamic
addressing and a different NAT router.
I was using CIPE as the vpn back then - not sure about the exact dates
but probably in the 2000/2001 neighborhood. These days everything
similar is done with GRE over IPsec directly on the Cisco router as the
backup (or sometimes only) interface.
But, this probably isn't what you want because the private-circuit
didn't have (or need) a tunnel. I don't understand why you would want
one there.
--
Les Mikesell
les...@gm...
|