
remote homeworkers, VPN and OSPF

Status
Not open for further replies.

NettableWalker

IS-IT--Management
Jun 18, 2005
215
GB
Hi Everyone,

I need to set up about 10 home workers with IPSEC VPNs to HQ, this is the easy bit. But what is the best practice for routing protocols? We use OSPF within the enterprise, is it best to set up each connection as a new OSPF area and configure it as a stub? Or is it best left as Area 0?
(I use GRE to allow the OSPF multicasting across the VPN).

I know a simple static route would suffice but "happiness is a full routing table" and I do love end to end connectivity.

Any thoughts on how best to configure the routing?

MCP,CCA,CCNA, Net+, Half CCNP...
 
If it were me, I would configure the VPN endpoints as a totally stubby area if the only exit from those networks is back through your HQ connection.
 
Thanks Kiscokid,

That's a good solution.

Is there anything to worry about with protection of the network with these types of things or will simple desktop firewall /AV stuff suffice?



MCP,CCA,CCNA, Net+, Half CCNP...
 
Hmm, do you have a corporate security policy defined? This should generally guide you as to what is expected. That said, you are generally encouraged to deploy a layered security model, i.e. don't rely on a single firewall at the perimeter of your corporate network for all your security needs.

AV is an absolute requirement in my opinion. Software firewalls are ok but a pain to administer and some allow users to make their own security changes (i.e. permit Kazaa etc). I would certainly entertain some sort of rudimentary access control on each site router to lock down the kind of traffic I'm expecting to see to/from the site. Take a look at CBAC (Content Based Access Control) - this makes security implementations a little easier in Cisco IOS.
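
The totally stubby area and the per-site access control suggested in this thread, sketched as an added Cisco IOS example that is not from any poster. Area 10, the ACL name, the interface names and every address are constructed assumptions, and the IPsec crypto configuration is omitted.

```cisco
! Added example, not from the thread. Constructed values: area 10,
! 192.0.2.1 (HQ public address), 10.255.10.0/30 (GRE tunnel),
! 10.10.10.0/24 (home LAN). Crypto map / ISAKMP policy omitted.
!
! --- HQ router (ABR for area 10) ---
router ospf 1
 ! no-summary makes area 10 totally stubby: the spoke learns
 ! only a default route pointing back at HQ
 area 10 stub no-summary
 network 10.255.10.0 0.0.0.3 area 10
!
! --- Home-worker router ---
interface Tunnel0
 description GRE to HQ, carries OSPF multicast inside IPsec
 ip address 10.255.10.2 255.255.255.252
 tunnel source FastEthernet0/0
 tunnel destination 192.0.2.1
!
router ospf 1
 ! every router in a stub area must set the stub flag,
 ! otherwise the adjacency with the ABR never forms
 area 10 stub
 network 10.255.10.0 0.0.0.3 area 10
 network 10.10.10.0 0.0.0.255 area 10
!
! Internet-facing interface: accept only the IPsec peer, log the rest
ip access-list extended OUTSIDE-IN
 permit udp host 192.0.2.1 eq isakmp any eq isakmp
 permit esp host 192.0.2.1 any
 ! some IOS releases re-check decrypted packets against this ACL;
 ! on those, also: permit gre host 192.0.2.1 any
 ! if this interface is addressed by DHCP, also:
 ! permit udp any eq bootps any eq bootpc
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group OUTSIDE-IN in
```

On the home router, `show ip route ospf` should list a single inter-area default route (`O*IA 0.0.0.0/0`) once the adjacency is up, and hits on the logged `deny` line show what the ACL is dropping.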
 