Ok ... so looks like one needs a VSM card to do anything IPsec-ish on
the ASR9ks.
So that rules that out.
If anyone has any clever ideas, though, I'm all ears.
Apologies for the noise.
On 11/26/24 20:30, Bryan Holloway via cisco-nsp wrote:
Follow-up:
So supposedly one CAN run OSPF across an IPsec tunnel if you use non-
broadcast mode, but I'm nervous about crypto ACLs and the potential
ongoing maintenance required.
Would still prefer a simpler IPsec-encrypted GRE tunnel solution ... :)
On 11/26/24 19:34, Bryan Holloway via cisco-nsp wrote:
Use-case:
Network with several inter-colo WAN links and decent redundancy, but
hey -- things break. Need to keep certain management (think VRF)
things working across severed portions of the network after enough
backhoes have had their way with us.
Running mostly IOS-XR 6.5.3 everywhere.
I'd like to build a couple of tunnels and run high-cost OSPF across
them for fail-over situations. Since OSPF generally doesn't work over
IPsec, I've been looking at IPsec-encrypted GRE tunnels, but I haven't
found any good examples (at least not using IOS-XR.) Plenty of ones
for IOS, but ...
Curious if anyone in the community has made this work ...
Or should I be looking in a different direction?
Thank you in advance!
- bryan
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
