
Network design: 1 central office and 15 remote sites all on xDSL.

polm

Diamond Member
I am considering a design for a small WAN.

Each site has its own private 24-bit subnet of the same 16-bit address.

Each site has its own public DSL circuit.

What is the best way to create encrypted connections from the remote sites back to the central router, as well as allowing each remote site to route through encrypted tunnel(s) to the other remote sites?

Full mesh, or Hub-And-Spoke?

Any advantage to using GRE tunnels, or am I fine using IPSEC VPNs without GRE?
 
IPsec is fine (and in reality you will be doing GRE as well)

Probably can do static routes...small hub/spoke like that won't really require a routing protocol
 
I just finished setting up a 3 site WAN. All have DSL connections with static IPs. I went with a mesh design. It was simple with only 3 sites.

The one thing that bit me was the MTU settings. I initially had some glitches because one site uses PPPoA, another PPPoE, the other was a simple bridge.

Are you using a hardware solution or something like IPCop or OpenBSD?
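
Added example, not part of the original post: a sketch of why mixed PPPoA, PPPoE and bridged links give different usable tunnel MTUs, computing the largest inner packet that fits a GRE-over-IPsec tunnel for each site pair. The cipher suite (AES-CBC with HMAC-SHA1-96), ESP tunnel mode, the link MTU values and the site names are assumptions, not details from the thread.

```python
from itertools import combinations

# Assumed values (not from the thread): IPv4 outer headers without options,
# ESP tunnel mode, AES-CBC (16-byte IV and block), HMAC-SHA1-96 (12-byte ICV),
# no NAT-T. Link MTUs are typical defaults for each access type.
LINK_MTU = {"bridge": 1500, "pppoa": 1500, "pppoe": 1492}  # PPPoE header costs 8
IP_HDR, GRE_HDR, ESP_HDR, ESP_TRAILER = 20, 4, 8, 2
TCP_IP_HDRS = 40


def esp_size(payload, iv=16, block=16, icv=12):
    """On-the-wire size of an ESP tunnel-mode packet carrying `payload` bytes."""
    padded = -(-(payload + ESP_TRAILER) // block) * block  # round up to block
    return IP_HDR + ESP_HDR + iv + padded + icv


def max_inner_mtu(link_mtu, gre=True):
    """Largest inner IP packet that crosses the link without fragmentation."""
    extra = IP_HDR + GRE_HDR if gre else 0  # GRE delivery header + GRE header
    size = link_mtu
    while esp_size(size + extra) > link_mtu:
        size -= 1
    return size


def tunnel_plan(sites, gre=True):
    """Per site pair: (inner MTU, TCP MSS), limited by the smaller link MTU."""
    plan = {}
    for a, b in combinations(sorted(sites), 2):
        link = min(LINK_MTU[sites[a]], LINK_MTU[sites[b]])
        mtu = max_inner_mtu(link, gre)
        plan[(a, b)] = (mtu, mtu - TCP_IP_HDRS)
    return plan


if __name__ == "__main__":
    # Constructed three-site mesh using the access types named in the post.
    sites = {"site-a": "pppoa", "site-b": "pppoe", "site-c": "bridge"}
    for pair, (mtu, mss) in tunnel_plan(sites).items():
        print(pair, "inner MTU", mtu, "TCP MSS", mss)
```

Under these assumptions the pairs that touch the PPPoE site fit 1398 bytes and the other pair fits 1414, so one tunnel MTU copied to every site either fragments on the PPPoE paths or wastes headroom elsewhere.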
 
Originally posted by: EatSpam
I just finished setting up a 3 site WAN. All have DSL connections with static IPs. I went with a mesh design. It was simple with only 3 sites.

The one thing that bit me was the MTU settings. I initially had some glitches because one site uses PPPoA, another PPPoE, the other was a simple bridge.

Are you using a hardware solution or something like IPCop or OpenBSD?


A combination of Cisco PIX and 17000 series routers.
 
Originally posted by: spidey07
IPsec is fine (and in reality you will be doing GRE as well)

Probably can do static routes...small hub/spoke like that won't really require a routing protocol

I thought it wasn't GRE until I actually created the tunnel interfaces? I thought the difference between a GRE IPSEC tunnel and a non-GRE IPSEC tunnel was that the GRE tunnel could do more than just unicast.
 
Originally posted by: polm
Originally posted by: spidey07
IPsec is fine (and in reality you will be doing GRE as well)

Probably can do static routes...small hub/spoke like that won't really require a routing protocol

I thought it wasn't GRE until I actually created the tunnel interfaces? I thought the difference between a GRE IPSEC tunnel and a non-GRE IPSEC tunnel was that the GRE tunnel could do more than just unicast.

Well, an IPsec tunnel is really a GRE tunnel with IPsec for encryption in a generic sense. Cisco's GRE tunnel is a little different, and sure, you can do GRE tunnels with IPsec for encryption. You're correct, though, that you do use GRE tunnels with IPsec to pass non-unicast traffic (getting IGP routing protocols across multiple hops, multicast, etc.).

I know it doesn't look like that from the configuration and I'm probably just confusing you.
🙂
 