Firewall Wizards mailing list archives
RE: L2L VPN redundancy for T1 link
From: "Stewart, John" <johns () artesyncp com>
Date: Wed, 20 Apr 2005 12:22:15 -0500
John Kougoulos wrote:
How about connecting A & B L2L with a GRE over IPsec (terminating the GRE on the routers) ? This way all the routes to B site will go through the router instead of the firewall. (Ok, you'll lose some bytes for GRE encapsulation).
So this has the benefit of sending all of the L2L traffic through the firewall, rather than bypassing it? The T1 routers be a single point of failure, no? I'm not quite sure what GRE buys us here. Wouldn't it be possible to build a VPN tunnel via IPsec between the two routers, and pass the IPsec traffic through the firewall (which would unfortunately need to do some NAT as we're using private addresses internally on these routers)? Why GRE? Thank you johnS _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- Re: L2L VPN redundancy for T1 link John Kougoulos (Apr 20)
- RE: L2L VPN redundancy for T1 link Sanford Reed (Apr 20)
- RE: L2L VPN redundancy for T1 link Paul Melson (Apr 20)
- <Possible follow-ups>
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- RE: L2L VPN redundancy for T1 link Sanford Reed (Apr 21)