From: Les M. <les...@gm...> - 2010-03-08 21:16:27
|
On 3/8/2010 2:21 PM, French, Daren wrote: > The idea is that one tunnel would run over a private link and the other > would go over the Internet. > > If anyone has does this type of deployment before 2005 we would like to > speak with you. I once had several sites configured with computer<->computer VPN's that only carried Cisco GRE tunnel packets over the internet. The Cisco routers at the locations also had private circuits, mostly frame relay that acted as the preferred route, but they used eigrp across the direct and gre interfaces to fail over as needed. The routes for the VPN were static and simple since it just nailed up the cisco<->cisco connections and all of the failover and the cisco routing protocols did all the work over what it saw as two interfaces. In some cases there were two Ciscos at a site with HSRP failover between them. Some multicast data ran over these connections so it was easier to let the Ciscos handle the routing even though the backup was often over a cheap DSL with dynamic addressing and a different NAT router. I was using CIPE as the vpn back then - not sure about the exact dates but probably in the 2000/2001 neighborhood. These days everything similar is done with GRE over IPsec directly on the Cisco router as the backup (or sometimes only) interface. But, this probably isn't what you want because the private-circuit didn't have (or need) a tunnel. I don't understand why you would want one there. -- Les Mikesell les...@gm... |