
IP Tunneling Assistance

Status
Not open for further replies.

IllegalOperation

Technical User
Jan 27, 2003
206
US
It would probably be best if I explain my current scenario. I have three routers total.

Router A: Cisco 827/main office location (ADSL)
Router B: Cisco 1721/remote location (T1)
Router C: Coresma router/same remote location (behind 1721)

Now Router C, which is on the LAN side of the 1721, will also be acting as a DHCP server for connected clients. I won't get into details of Router C, as my questions do not really pertain to it.

Now I have a server behind my Cisco 827 located at our main office. This server needs to communicate with clients on a private subnet that are behind Router C at our remote location. Obviously, some sort of tunneling needs to be done between Router A and Router B for all these devices to communicate. Router A will mostly just have management traffic pass through, but Router B will pretty much be taking huge hits on the bandwidth meter. My question to that is, what would be the best option for me to take?

I was planning on configuring IKE and IPSec and make a VPN, but it just seems very CPU intensive. Is there an easier way to do this, perhaps statically assigning a few routes and using access lists? Your opinion is appreciated....
 
Never mind, I found the answer myself, which is pretty simple. Funny how I overlooked it....

"interface tunnel"

I do have a question regarding the tunnel command, however. I noticed that you can assign the tunnel an address to enable IP with the "IP address" command. Does that IP address need to be registered, or can it be private? Does it need to be on its own subnet (/30), or can it be on the same subnet as....let's say...the router's own address? Basically, what restrictions/parameters do I have with assigning an IP address to the tunnel interface?

I noticed that Cisco is extremely vague on this question.

 
You really don't have any restrictions. Personally I keep my tunnel interfaces on a totally different subnet.

IE:

My entire company runs on the 172.16.0.0 network.

172.16.4.0/23 Dallas
172.16.11.0/24 DFW
172.16.30.0/24 NYC
172.16.20.0/24 Miami

I have GRE Tunnels out of my Dallas Office to all those locations.

192.168.30.0/30
192.168.11.0/30
192.168.20.0/30

I run EIGRP on all my routers so to populate the routing table. The reason why I use a different subnet is to aid in troubleshooting and to keep my GRE Tunnels different than my production networks. I use the 30 bits of netmask to allow me to use redundant links running a DSL link out of each office (only my NYC office has this now) but I would be able to run

192.168.30.1/30
192.168.11.1/30
192.168.20.1/30

By knowing this information I can tell you at a glance what link is down and what interface is affected.

This is just personal preference but you can set it up any way you'd like. I don't believe you would be able to use the same network address as your current network because you would have to number the other end of the GRE Tunnel. It may work but your routing protocols may cause you problems if you enable them.

Some other people may have more information for you but this configuration works for me and it's been running like this for about three years without any problems. (saved me a whole heap of money when I dropped my Point-to-Point T1's)



david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 
Okay so it was late last night.....

The last part of that should have been.....

192.168.30.4/30
192.168.11.4/30
192.168.20.4/30

Sometimes my fingers get ahead of my brain

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
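
The /30 arithmetic behind the addressing in the two posts above, as an added example that is not part of the thread: it lists the two usable tunnel endpoints in each /30, derives the adjacent /30 for a redundant link, and checks a tunnel block against the production subnets. The function names are hypothetical, and pairing each tunnel block with a site by its third octet is an assumption.

```python
import ipaddress

# Addressing taken from the thread. Pairing each tunnel /30 with a site by
# its third octet is an assumption; the posts do not state the mapping.
PRODUCTION = {"Dallas": "172.16.4.0/23", "DFW": "172.16.11.0/24",
              "NYC": "172.16.30.0/24", "Miami": "172.16.20.0/24"}
PRIMARY_TUNNELS = {"NYC": "192.168.30.0/30", "DFW": "192.168.11.0/30",
                   "Miami": "192.168.20.0/30"}


def endpoints(block):
    """Return the two usable addresses of a /30, one per tunnel end."""
    # strict=True rejects a block with host bits set, such as x.x.x.1/30.
    net = ipaddress.ip_network(block, strict=True)
    if net.prefixlen != 30:
        raise ValueError(f"{block} is not a /30")
    return [str(host) for host in net.hosts()]


def next_block(block):
    """Return the adjacent /30, usable for a redundant second tunnel."""
    net = ipaddress.ip_network(block, strict=True)
    return str(ipaddress.ip_network(f"{net.network_address + net.num_addresses}/30"))


def conflicts(block, production=PRODUCTION):
    """Return the production sites whose subnet overlaps the tunnel block."""
    net = ipaddress.ip_network(block, strict=True)
    return [site for site, cidr in production.items()
            if net.overlaps(ipaddress.ip_network(cidr))]


def plan():
    """Build the primary and secondary tunnel addressing for every site."""
    out = {}
    for site, block in PRIMARY_TUNNELS.items():
        backup = next_block(block)
        out[site] = {"primary": endpoints(block),
                     "secondary_block": backup,
                     "secondary": endpoints(backup),
                     "conflicts": conflicts(block) + conflicts(backup)}
    return out


if __name__ == "__main__":
    for site, row in plan().items():
        print(site, row)
```
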
 
That was great Sobak, and very helpful. Greatly appreciated. I noticed that you brought up Point-to-Point T1s in your response. I would like to know more about it. Thanks

Dave
 
Dave,

Will do....

david e
*end users are just like computers, some you can work with...others just need a simple reBOOTing to fix their problems.*
 