Virtual Tunnel Interface VPN

[rflanary]

My network setup is like below.

Internal Router ------> ASA -------> Internet Router ------> ISP Router

Right now i have site to site connections established on a VPN 3005 concentrator. I want to migrate these to VTI interfaces so that i can run a routing protocol and use Qos.

The concentrator is not capable of doing this. I tried the ASA SDM to configure a site to site VPN and it will not do what i want it to. My question is.

Is there away i can establish a VTI VPN on our external router and have it navigate thru our firewall or punch a hole in the firewall thru to the internal router.

What way would someone recommend i go for the best security but i have to use a VTI Tunnel.

Thanks for help.

Robert

 

[brianinms]

What are you trying to accomplish? QOS and VPNs don't go hand in hand as you can't control how your traffic is treated across the internet. Additionally why are you wanting to run a routing protocol across the internet?

 

[rflanary]

Not really so much the EIGRP but for Qos i know i can not control the internet but i would atleast like to control what goes in the tunnel.

I also need to get netflow information across the tunnel. As i understand that there is a flaw in netflow that will not go thru VPN tunnels.

 

[rflanary]

Anyone?

 

[brianinms]

Essentially you would use your inside router to form a gre tunnel with ipsec on a loopback interface to a router on the other end.

 

[rflanary]

Are you saying allow the isakmp site to site traffic thru the firewall to my core router? These spoke sites have static ip's. Would this be a secure way?