Hey Guys,
just at the beginning, sorry for my english .
I have an VPN Network with 4 Locations in configured as "star". So one Main Location an 3 Sub Location which connect to Main.
Till now i just configured IPSEC Site-to-Site with Policy, but with this i got some Problems since i did my SIP Telefonie Rollout i have some Problems with my RTP Streams because if Sublocation 1 calls Sublocation 2 they will connect each other directly but there are nor Routes.
SO i wanted to implemant IPIP Tunnel so i can Route into thes Interfaces. I got the fact that IPIP can create his own IPSEC Tunnel but not with DDNS, so i decided to use my own IPSEC connections.
But now i think i have to Put the IPSEC Tunnel in some separated IP because i had the feeling IPSEC Policy will be "routed" before Routing Table.
In IP Addresses i have this concept with the Question to you if this is correct or to complicated?:
Main Location:
LAN-BRIDGE: 192.168.8.0/24 (GW: .254)
IPSEC-BRIDGE: 192.168.28.254 = GW
IPIP: 192.168.120.1 (/24)
SubLocation1:
LAN-BRIDGE: 192.168.9.0/24 (GW: .254)
IPSEC-BRIDGE: 192.168.29.254 = GW
IPIP: 192.168.120.2 (/24)
SubLocation2:
LAN-BRIDGE: 192.168.10.0/24 (GW: .254)
IPSEC-BRIDGE: 192.168.30.254 = GW
IPIP: 192.168.120.3 (/24)
SubLocation3:
LAN-BRIDGE: 192.168.11.0/24 (GW: .254)
IPSEC-BRIDGE: 192.168.31.254 = GW
IPIP: 192.168.120.4 (/24)
So in every Location i would do some Routes into the IPIP Tunnel Interface like:
MainLocation:
route 192.168.9.0/24 --> IPIP Interface
route 192.168.10.0/24 --> IPIP Interface
route 192.168.11.0/24 --> IPIP Interface
Location3:
route 192.168.10.0/24 --> IPIP Interface
route 192.168.9.0/24 --> IPIP Interface
route 192.168.8.0/24 --> IPIP Interface