John Kougoulos wrote:
> How about connecting A & B L2L with a GRE over IPsec (terminating the
> GRE on the routers) ? This way all the routes to B site will go through
> the router instead of the firewall. (Ok, you'll lose some
> bytes for GRE encapsulation).
So this has the benefit of sending all of the L2L traffic through the
firewall, rather than bypassing it?
The T1 routers would be a single point of failure, no?
I'm not quite sure what GRE buys us here. Wouldn't it be possible to build a
VPN tunnel via IPsec between the two routers, and pass the IPsec traffic
through the firewall (which would unfortunately need to do some NAT as we're
using private addresses internally on these routers)? Why GRE?
Thank you
johnS
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Apr 20 2005