+ Reply to Thread
Results 1 to 8 of 8
  1. Network Engineer CodeBlox's Avatar
    Join Date
    Jun 2010
    Posts
    1,337

    Certifications
    CCNA
    #1

    Default EIGRP over GRE Tunnel

    I believe I have a situation that is going to require this scenario of letting EIGRP neighbor up over a GRE Tunnel at work. Is this ever a bad idea in you guys professional opinion? I'd only advertise a default route and one other route over it. Not the whole routing table.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
    Reply With Quote Quote  

  2. SS
  3. Network Consultant FloOz's Avatar
    Join Date
    Dec 2011
    Posts
    1,588

    Certifications
    B.S. CSIT; CompTIA A+, Network+; CCNA, DA; CCNP R&S; CCDP
    #2
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct
    Reply With Quote Quote  

  4. Network Engineer CodeBlox's Avatar
    Join Date
    Jun 2010
    Posts
    1,337

    Certifications
    CCNA
    #3
    Cool. IPSec won't be running over the tunnel. Its intended purpose is for failover. This particular site has two options for failover and this is one of them and should be preferred over the alternative. With some new requirements the floating static route is no longer a reasonable option.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
    Reply With Quote Quote  

  5. The Bringer of Light DevilWAH's Avatar
    Join Date
    Jan 2010
    Location
    UK
    Posts
    2,968

    Certifications
    CCENT, CCNA, CCNA Security, ITIL Foundation, CCNP SWITCH,ROUTE, Zoology BSc,
    #4
    I played around with this in labs when I was first playing with GRE tunnels. no reason it should not work just fine.
    Reply With Quote Quote  

  6. Senior Member RouteMyPacket's Avatar
    Join Date
    Aug 2012
    Location
    Dallas
    Posts
    1,077

    Certifications
    CCWKIA (Cisco Certified Wannabe Know It All)
    #5
    Quote Originally Posted by FloOz View Post
    We do a gre over ipsec tunnel to one of our smaller regional offices and have not had any issues. We use eigrp as well. I think this solution is actually quite common so I wouldn't worry to much. Just make your your config is correct
    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.
    Reply With Quote Quote  

  7. Senior Member nerdydad's Avatar
    Join Date
    Sep 2010
    Location
    Cincinnati, OH
    Posts
    256

    Certifications
    CCNA, CCNP, JNCIA-JUNOS, NRS I, CCIE Written
    #6
    I used to work at a Fortune 10 company, that until recently, used this model at most of their sites worldwide.
    Reply With Quote Quote  

  8. The Bringer of Light DevilWAH's Avatar
    Join Date
    Jan 2010
    Location
    UK
    Posts
    2,968

    Certifications
    CCENT, CCNA, CCNA Security, ITIL Foundation, CCNP SWITCH,ROUTE, Zoology BSc,
    #7
    Quote Originally Posted by RouteMyPacket View Post
    This is what you need in order to run your dynamic protocols across the tunnel/s and also be encrypted, best of both worlds. I configured a MPLS failover solution for a client and went with this, it's basic yet effective. Ran OSPF across the tunnel. You could also look into DMVPN for modularity if needed.
    If I was going to do it I Would be inclined to wrap it up in ipsec if the routers have he capacity to do it both in feature set and resources. If not I would be running EIGRP authentication, and have serious thought about data security across the tunnel. I am assuming you are setting this up across a public link to branch office and not with in a single campus. Even a leased line or circuit I would not trust to run plain text data through. I have meet the guys that work in ISP's
    Reply With Quote Quote  

  9. Network Engineer CodeBlox's Avatar
    Join Date
    Jun 2010
    Posts
    1,337

    Certifications
    CCNA
    #8
    It's over a private network. The backup GRE is intended to traverse our MPLS network. It's not going over a public link.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks