gre or ipsec

[iwanthome]

I have following topo:
lan a---router a-------router b--lan b----router c----router d---lan c
lan a will communicate with lan c with ip protocol.But I don't want lan c can communicate with lan b.How could I do ?
I setup gre tunnel between lan a and lan c,but lan c can also visit lan b.
any comment are apprecatied,thanks!

 

[rburke]

Have you thought of access-lists? Just block any LAN C IPs from entering the LAN B interfaces.

Just a thought.

Burke

 

[iwanthome]

I know ACL can do this.But I try to use VPN to archive this.It is just a lab.
thanks!

 

[mtashiro]

A combination of ACL's and GRE tunnels would accomplish this. Setup a GRE tunnel between LAN-A and LAN-C like you did already. Apply access lists to the interfaces so only GRE traffic is allowed, this should block LAN-B traffic.

If you want to encrypt the traffic you can use IPSec with GRE as well.

 

[iwanthome]

thanks,I got it.