Skip to main content

Topology

Topology

  • A simple permanent site to site tunnel between the remote office (Zone 1) and HQ (Zone 2)

GRE-IPSEC.png

Comments
  • Topology represented by two zones: Zone 1 (Branch site) and Zone 2 (HQ)
  • Each of the zones has Internet connectivity with static public IPs
  • Client access is allowed via both ISP1 and ISP2
  • Mikrotik is represented as FW1 and is placed in Zone1, Linux is FW2 and is placed in Zone2 

  • Some might question GRE use in this design, yet in some cases it is required for a dynamic routing over the tunnel (eg. diagram below) 

dual-homed.png

  • Assume we have to segments and require the connectivity between them
  • Assume each site has two uplinks via different ISPs
  • Assume we require fault tolerant connectivity across two sites
  • Here where GRE comes into picture to allow us establish OSPF neighborships over the IPSec tunnels   

Back to top