
RE: IPSEC tunnels for LAN-to-LAN interop issue
Steve,

I read some of the mail on this thread and I can summarize a few points.
We support OSPF, RIPv1&2, and Integrated IS-IS on a virtual port with IPIP IPsec
tunnel mode (with policy tied to the virtual port).
The implementation allows different policies (and SAs) for different traffic types
to the same peer. However, lumping all the traffic, including routing traffic,
under one generic policy and one SA is also possible for simplicity, and that is
the most widely used.
Of course QoS with ToS mapping, class-based queueing, etc. is supported on the
VPN box, which addresses the QoS along the path.

An IPIP virtual port is treated as a point-to-point link in the context of OSPF
unless you define it as point-to-multipoint, in which case it will be treated as
an NBMA link. The latter is useful if one desires to define one virtual port that
connects to, say, thousands of remote SGWs (with all the inner SGW VP IP addresses
belonging to one subnet emulating an NBMA network).
Thus one can get away with defining one virtual port and one policy for all the
remote sites if so desired at the minimum, or individual definitions if
granularity is the choice.
Also, the IPIP virtual port can be used without any SPDs, such that one can tunnel
across a shared IP infrastructure.
You will find that this is also useful in repairing partitioned areas, extending
areas, etc. in OSPF.

We also support the above IP routing protocols, plus most all multiprotocol and
their routing protocols, using L2TP or PPTP virtual port IPsec transport mode on
the underlying physical port.

/sudeep
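An added example, not from this mail or the vendor's product: a small Python model of an ordered SPD for the inner traffic of an IPIP virtual port, contrasting the per-traffic-type policies with the single lumped policy the mail describes. It also includes a shadowing check for policy order and covers the point that OSPF hellos on a point-to-point virtual port are sent to 224.0.0.5, so a policy keyed only on the peer's unicast prefix does not cover them. Prefixes, the peer name and the SA names are constructed.

```python
"""Toy model of an ordered IPsec SPD for inner traffic on an IPIP virtual port.
Constructed example, not the vendor's implementation; prefixes and SA names are made up."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

PROTO_OSPF = 89                 # IANA IP protocol number for OSPF
ALL_SPF_ROUTERS = "224.0.0.5"   # RFC 2328 AllSPFRouters: hello destination on P2P links


@dataclass(frozen=True)
class Policy:
    src: str              # inner source prefix (selector)
    dst: str              # inner destination prefix (selector)
    proto: Optional[int]  # IP protocol number, or None for any protocol
    sa: str               # SA bundle (tunnel-mode ESP to the peer SGW) the policy selects

    def matches(self, src: str, dst: str, proto: int) -> bool:
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in (None, proto))


def lookup(spd: List[Policy], src: str, dst: str, proto: int) -> Optional[str]:
    """First-match SPD lookup; None means no policy covers the packet (discard)."""
    for pol in spd:
        if pol.matches(src, dst, proto):
            return pol.sa
    return None


def shadowed(spd: List[Policy]) -> List[str]:
    """SA names of policies that an earlier, broader policy makes unreachable."""
    out = []
    for i, later in enumerate(spd):
        for earlier in spd[:i]:
            if (ip_network(earlier.src).supernet_of(ip_network(later.src))
                    and ip_network(earlier.dst).supernet_of(ip_network(later.dst))
                    and earlier.proto in (None, later.proto)):
                out.append(later.sa)
                break
    return out


# Per-traffic-type SPD toward peer SGW "B": routing traffic on its own SA, data on another.
# P2P hellos go to 224.0.0.5 (NBMA hellos are unicast), so both destinations are selected.
PER_TYPE_SPD = [
    Policy("10.1.0.0/16", ALL_SPF_ROUTERS + "/32", PROTO_OSPF, "sa-ospf-peerB"),
    Policy("10.1.0.0/16", "10.2.0.0/16", PROTO_OSPF, "sa-ospf-peerB"),
    Policy("10.1.0.0/16", "10.2.0.0/16", None, "sa-data-peerB"),
]
# Lumped SPD: one generic policy and one SA; it has no entry for the P2P multicast hellos.
LUMPED_SPD = [Policy("10.1.0.0/16", "10.2.0.0/16", None, "sa-all-peerB")]
```

Reversing PER_TYPE_SPD puts the generic policy first and shadows the OSPF entry for unicast destinations, which is the ordering mistake the check reports.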