ROUTE Notes – Branch Office Routing

Corrigeme, por favor.

Study Notes

  • What do IPSec tunnels give you when a branch office is on a broadband connection?

Privacy through encryption
Authentication of the remote peer through ISAKMP
Delivery of private data over the public Internet

  • What do you need to configure to get your branch router talking to the Internet?

ISP connection configuration such as PPPoE or PPPoA
DHCP server configuration for internal users
Firewall services like inspection and filtering

  • What kind of routes would you normally see on a small branch router with a single IPSec tunnel home?

You would usually just see a default route to the ISP; IPSec will intercept interesting traffic and take care of sending the packets home without having routes for home networks configured.

  • What’s a really easy way to get routes to fail from a WAN link to a GRE tunnel when the WAN link dies?

Floating static routes

  • What do GRE tunnels allow you to do that native IPSec tunnels don’t?

Run a routing protocol

  • Your DSL provider has given you a VPI/VCI of 1/50 to use on your branch router’s ATM 0/0 interface.  Show me the full configuration to get basic web surfing working (ignore DNS and DHCP).

interface ATM0/0
no ip address
pvc 1/50
encapsulation aal5mus ppp dialer
dialer pool-member 1
interface Dialer9
encapsulation ppp
ip address negotiated
dialer pool 1
ppp authentication chap callin
ppp chap password MYPASSWORD
ip nat outside
interface E0/0
ip add
ip nat inside
ip route Dialer9

  • For what would you use an ACL when configuring IPSec tunnels?

You define interesting traffic with ACLs.

  • What are the two basic configuration items in a crypto map for an IPSec tunnel?

Matching ACL
IPSec peer IP