Chapter 48: Secure Router Configuration for
Both Secure Router and VPN router currently support dynamic routing over IPSec. Secure router
configuration for dynamic route exchange over IPSec Tunnel allows interoperability by using IP-on-IP over
a transport mode IPSec connection.
Capabilities
Secure router configuration for dynamic route exchange over IPSec Tunnel, has the following
capabilities:
• IPSec transport mode is used, not tunnel mode
• The Secure Router default IPIP tunnel MTU needs to be set to 1500 for OSPF, to match
the VPN Router tunnel MTU..
• If both "ip mtu" and "tunnel path-mtu-discovery" are configured/ enabled on Secure Router
the mtu value set by "ip mtu" configuration will be in effect.
Secure router configuration for BGP
Configure secure routing for BGP as follows:
interface ethernet 0
ip address 10.10.10.1 24
crypto trusted
exit
interface ethernet 1
ip address 192.168.26.100 24
crypto untrusted
exit
interface tunnel toCes
ip address 100.1.1.1 24
tunnel source 192.168.26.100
tunnel destination 192.168.27.100
Avaya Secure Router 1000 Series Configuration Guide
Dynamic Route Exchange over
IPSec Tunnel interoperability
with VPN Router
December 2010
341