Firewall Wizards: RE: L2L VPN redundancy for T1 link

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

RE: L2L VPN redundancy for T1 link

From: "Stewart, John" <johns () artesyncp com>
Date: Wed, 20 Apr 2005 12:22:15 -0500


John Kougoulos wrote:

How about connecting A & B L2L with a GRE over IPsec (terminating the 
GRE on the routers) ? This way all the routes to B site will go through 
the router instead of the firewall. (Ok, you'll lose some 
bytes for GRE encapsulation).


So this has the benefit of sending all of the L2L traffic through the
firewall, rather than bypassing it?

The T1 routers be a single point of failure, no?

I'm not quite sure what GRE buys us here. Wouldn't it be possible to build a
VPN tunnel via IPsec between the two routers, and pass the IPsec traffic
through the firewall (which would unfortunately need to do some NAT as we're
using private addresses internally on these routers)? Why GRE?

Thank you

johnS
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- Re: L2L VPN redundancy for T1 link John Kougoulos (Apr 20)
- RE: L2L VPN redundancy for T1 link Sanford Reed (Apr 20)
- RE: L2L VPN redundancy for T1 link Paul Melson (Apr 20)
- <Possible follow-ups>
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
- RE: L2L VPN redundancy for T1 link Stewart, John (Apr 20)
  - RE: L2L VPN redundancy for T1 link Sanford Reed (Apr 21)