I am attempting to set up a failover connection for work, and have a few questions I am unsure about.
First, a little about my situation:
We currently have a WAN setup between multiple sites (T1s) on a private network, and an internet-facing T1 coming in via an additional non-private T1 at our main site. We are currently looking at implementing failover DSL links from our remote sites to our main site (over the internet). Additionally, we are running OSPF.
So far, we are planning on using VPN connections from the DSL lines, which will start at the remote router, and terminate at a firewall behind our Internet T1. However, to propagate OSPF routes over the VPN, GRE is needed, which our firewall does not support.
To remedy this, I was thinking it might work to terminate the VPN at our firewall, and still pass the GRE traffic to an internal router which does support GRE, and which can then pass any OSPF routes over the GRE/IPSec link.
First of all, is this possible? One of the problems I am running into is that the routers on both sides (remote and internal) are connected via the private WAN link, so I would have to figure out a way to make the tunnel go through the VPN and not the WAN link. Any suggestions? I would prefer to stay away from static routes if possible.
A little visual aid:

[Remote Cisco router]=-=-=-=[Firewall]-----[Internal Cisco Router]

------: GRE
=-=-: GRE/IPsec