I have a network based on VPNs (GRE tunnels). I need to encrypt all traffic in the tunnel regardless of its source and destination.
For example:
I have a site-to-site VPN between 2 routers (A and B).
Behind A I have stub LAN A.
Behind B I have a proxy for my Internet connections.
Router A has 2 GRE tunnels to router B over different ISPs.
Router A has 2 default routes into these tunnels with different metrics.
I can't make an IPsec rule because I do not know the destination of packets from LAN A (the traffic is not going directly to the proxy and is forwarded to the proxy by a matching firewall rule). It might be helpful to encrypt the GRE protocol on the physical interface, but some routers have dynamic IPs and use a DynDNS service to create the connection.

Another example:
I have two backbone routers A and B with some VPN tunnel between them, and some local networks on both sides.
When I add a new LAN, I need to add IPsec rules for each new network on both routers. It is easy when I have only two routers, but “If it is more than..”?
Does anyone have an idea how to help me with this?
Thanks for the answers!