I'm fairly new to site-to-site VPN technology. I've done a few of them between two PIX firewalls with fairly good success.
I now have 2 new Cisco routers, a 2821 with IOS Firewall/VPN and a 2811 with IOS Firewall/VPN. I created a site-to-site VPN tunnel using IPSec between these and although the tunnel came up, a lot of things weren't working after that. I traced the problem to the fact that since I'm using EIGRP on the routers, I needed to establish a GRE over IPSec tunnel in order for the routing updates to still pass.
I now have a need to create a site-to-site VPN between that 2821 and another site that has a 2801 with basic IP IOS and a PIX 506. A basic diagram would look something like this:
(2821 router)(2801 router)-(PIX506)
So that 2801 is between the WAN connection and the PIX.
From all of the research I've done, it doesn't appear that I can create a GRE over IPSec tunnel starting from the 2821 and ending at the PIX since the PIX doesn't support termination of GRE over IPSec tunnels.
However, I'm afraid that if I establish just a straight IPSec tunnel between the 2821 and the PIX 506, I will lose my EIGRP routing updates between these two sites like I did when I had the IPSec tunnel between the 2821 and the 2811.
I guess I was thinking I might need to build a GRE tunnel between the 2821 and 2801 and THEN establish an IPSec tunnel between the 2821 and the PIX 506 so that those EIGRP updates can still get through.
Hopefully all of this makes sense. Anyone have any thoughts on this? Is what I'm trying to do even possible given the equipment that I have?
Thanks for any suggestions/pointers/etc.