1. Home
  2. Cisco Systems
  3. tunnelling

tunnelling

Hello,

I have two sites and both of them have access to internet. Now I have to make tunel between them so that hosts with private IP addresses can comunicate directly without NAT.

-Which is the best solution to use (GRE, L2TP or something else)?

-Is it feasible that I have addresses from the same network on both sides (i.e 10.10.0.0/16) ?

-If I use GRE do I need one more public IP address from my provider on interface towards the Internet (for tunnel)?

-Is it possible to use the same connection and IP address towards my ISP, and to tunnel only specific private addresses (i.e. 10.10.0.0) towards my remote site? of course all other IP addresses have to be routed to Internet.

Thanks in advance

Reply to
ivan
Loading thread data ...

You only need one address, I happened to do this the other day.

! interface Tunnel1 ip address 192.168.7.33 255.255.255.252 tunnel source FastEthernet0/1 tunnel destination 171.49.241.226 ! interface FastEthernet0/0 ip address 192.168.24.238 255.255.255.252 ip tcp adjust-mss 1430 ! just put this here in case it helped. ! interface FastEthernet0/1 description Internet Facing Link ip address 182.50.99.130 255.255.255.0 !

! ip classless ip route 171.49.241.226 255.255.255.255 182.50.99.1

The tunnel was then encrypted in this case. The requirement was to get a dynamic routing protocol running over a VPN.

I find tunnels hurt my head and was initially concerned that I would not be able to do it with only one address.

I draw a big diagram with all of the addresses on it and show the tunnel int on it too.

Reply to
anybody43

Thank you very much.

Reply to
ivan

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.