Configuring VPN hub redundancy and load sharing topologies using GRE

Last Updated: Nov 06, 2012

Procedure

  1. Configure the Branch Office as follows:
    1. VPN policy is configured on the Internet interface egress as follows:

      GRE traffic from the local tunnel endpoint to remote tunnel endpoint 1 -> encrypt, using IPSec tunnel mode, with the remote peer being tunnel endpoint 1

      GRE traffic from the local tunnel endpoint to remote tunnel endpoint 2 -> encrypt, using IPSec tunnel mode, with the remote peer being tunnel endpoint 2

    2. An access control list (ACL) is configured on the Internet interface to allow only the VPN / ICMP traffic. See VPN hub redundancy and load sharing topologies for configuration settings.

      For information about using access control lists, see Policy lists.

    3. Configure dynamic routing (OSPF or RIP) to run over the local data interfaces (data VLANs) and on the GRE interfaces.
  2. Configure the VPN Hubs (Main Offices) as follows:
    1. The VPN policy portion for the branch is configured as a mirror image of the branch's VPN policy.
    2. The ACL portion for the branch is a mirror image of the branch's ACL, with some minor modifications.
    3. The GRE Tunnel interface is configured for the branch.
    4. Dynamic routing (OSPF or RIP) is configured to run over the GRE interface to the branch.
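
The VPN policy from steps 1.1 and 2.1, written as data and audited by a short Python script. This is an added example, not part of the original procedure and not the gateway's configuration syntax; the Rule fields, function names and addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
from typing import NamedTuple

GRE = 47  # IP protocol number of GRE

class Rule(NamedTuple):  # hypothetical model of one "encrypt" policy rule
    src: str    # GRE tunnel source (local tunnel endpoint)
    dst: str    # GRE tunnel destination (remote tunnel endpoint)
    proto: int  # IP protocol the rule selects
    mode: str   # IPSec encapsulation mode
    peer: str   # remote IPSec peer

def mirror(rule):
    """Rule the far end needs: selectors swapped, peer set to our endpoint."""
    return rule._replace(src=rule.dst, dst=rule.src, peer=rule.src)

def audit_branch(rules, hubs):
    """Step 1.1: one GRE rule per hub, tunnel mode, peer equal to that hub."""
    findings = []
    for hub in hubs:
        to_hub = [r for r in rules if r.dst == hub]
        if not to_hub:
            findings.append(f"{hub}: no encrypt rule for this tunnel endpoint")
        for r in to_hub:
            if r.proto != GRE:
                findings.append(f"{hub}: rule selects protocol {r.proto}, not GRE")
            if r.mode != "tunnel":
                findings.append(f"{hub}: IPSec mode is {r.mode}, not tunnel")
            if r.peer != hub:
                findings.append(f"{hub}: peer {r.peer} is not the tunnel endpoint")
    return findings

def audit_hub(branch_rules, hub, hub_rules):
    """Step 2.1: the hub's rules for the branch mirror the branch's rules."""
    expected = {mirror(r) for r in branch_rules if r.dst == hub}
    actual = set(hub_rules)
    return ([f"{hub}: missing {r}" for r in sorted(expected - actual)]
            + [f"{hub}: unexpected {r}" for r in sorted(actual - expected)])

# Constructed sample data, not taken from any real deployment.
BRANCH, HUB1, HUB2 = "198.51.100.10", "203.0.113.1", "203.0.113.2"
BRANCH_RULES = [Rule(BRANCH, HUB1, GRE, "tunnel", HUB1),
                Rule(BRANCH, HUB2, GRE, "tunnel", HUB2)]
HUB1_RULES = [Rule(HUB1, BRANCH, GRE, "tunnel", BRANCH)]
# Hub 2 was entered with the wrong peer address, so it is not a mirror image.
HUB2_RULES = [Rule(HUB2, BRANCH, GRE, "tunnel", HUB1)]

if __name__ == "__main__":
    for line in (audit_branch(BRANCH_RULES, [HUB1, HUB2])
                 + audit_hub(BRANCH_RULES, HUB1, HUB1_RULES)
                 + audit_hub(BRANCH_RULES, HUB2, HUB2_RULES)):
        print(line)
```

Only the VPN policy is compared, because the procedure says the hub ACL differs from a strict mirror image by some minor modifications.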