Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Virtual Tunnel Interface VPN

Status
Not open for further replies.

rflanary

IS-IT--Management
Apr 21, 2006
89
US
My network setup is like below.

Internal Router ------> ASA -------> Internet Router ------> ISP Router

Right now i have site to site connections established on a VPN 3005 concentrator. I want to migrate these to VTI interfaces so that i can run a routing protocol and use Qos.

The concentrator is not capable of doing this. I tried the ASA SDM to configure a site to site VPN and it will not do what i want it to. My question is.

Is there away i can establish a VTI VPN on our external router and have it navigate thru our firewall or punch a hole in the firewall thru to the internal router.

What way would someone recommend i go for the best security but i have to use a VTI Tunnel.

Thanks for help.

Robert
 
What are you trying to accomplish? QOS and VPNs don't go hand in hand as you can't control how your traffic is treated across the internet. Additionally why are you wanting to run a routing protocol across the internet?
 
Not really so much the EIGRP but for Qos i know i can not control the internet but i would atleast like to control what goes in the tunnel.

I also need to get netflow information across the tunnel. As i understand that there is a flaw in netflow that will not go thru VPN tunnels.
 
Essentially you would use your inside router to form a gre tunnel with ipsec on a loopback interface to a router on the other end.
 
Are you saying allow the isakmp site to site traffic thru the firewall to my core router? These spoke sites have static ip's. Would this be a secure way?
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top