mizitheji/3-Site-VPN-using-GRE-tunnel-with-OSPF

3-Site-VPN-using-GRE-tunnel-with-OSPF

A 3-site Cisco VPN lab implementing full-mesh GRE tunnels with OSPF dynamic routing, secured using IPsec (IKEv1) and designed to be compatible with Essentials licensing.


🚀 Project Overview

This repository demonstrates an enterprise-style multi-site VPN design using:

  • Cisco routers only
  • GRE tunnels as the overlay
  • OSPF for dynamic routing
  • IPsec (IKEv1) for tunnel encryption
  • Static WAN underlay routing

OSPF is intentionally deployed only on GRE tunnels, ensuring routing protocols are never exposed to the public WAN.


🧱 Network Topology

WAN / Underlay

[Figure: Topology_no_vpn]

  • Public / simulated WAN IPs
  • Static default routing
  • No dynamic routing protocols

GRE / OSPF Overlay (Full Mesh)

[Figure: Topology_vpn]

  • GRE full-mesh topology
  • OSPF Area 0
  • Encrypted using IPsec (IKEv1)

🌐 IP Addressing

WAN (Underlay)

| Site     | WAN IP         |
|----------|----------------|
| HQ       | 203.0.113.1/24 |
| Branch 1 | 203.0.113.2/24 |
| Branch 2 | 203.0.113.3/24 |

GRE Tunnel IPs (Overlay)

| Tunnel                     | Local          | Remote        |
|----------------------------|----------------|---------------|
| Tunnel HQ - Branch 1       | 172.16.0.1/30  | 172.16.0.2/30 |
| Tunnel HQ - Branch 2       | 172.16.0.5/30  | 172.16.0.6/30 |
| Tunnel Branch 1 - Branch 2 | 172.16.0.10/30 | 172.16.0.9/30 |

LAN VLANs

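| Site     | VLAN | Subnet        | Gateway    |
|----------|------|---------------|------------|
| HQ       | 10   | 10.10.10.0/24 | 10.10.10.1 |
| HQ       | 20   | 10.10.20.0/24 | 10.10.20.1 |
| HQ       | 99   | 10.10.99.0/24 | 10.10.99.1 |
| Branch 1 | 10   | 10.20.10.0/24 | 10.20.10.1 |
| Branch 1 | 99   | 10.20.99.0/24 | 10.20.99.1 |
| Branch 2 | 10   | 10.30.10.0/24 | 10.30.10.1 |
| Branch 2 | 99   | 10.30.99.0/24 | 10.30.99.1 |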

🔁 Routing Plan

  • OSPF Process ID: 100
  • Area: 0
  • LAN interfaces advertised as passive
  • Tunnel interfaces form OSPF adjacencies
  • Full-mesh topology provides redundancy

🔐 Security Design

  • GRE protected with IPsec (IKEv1)
  • AES-256 encryption, SHA hashing
  • Transport mode IPsec
  • Compatible with Cisco Essentials license

✅ Design Decisions

  • Full-mesh topology - Direct site-to-site paths; no transit dependency; maximum resiliency
  • Static WAN, OSPF overlay - Prevents exposure of routing protocols to the internet; separates underlay and overlay
  • GRE tunnels - Encapsulate LAN traffic and carry OSPF routing
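  • Passive LAN OSPF - Prevents unnecessary OSPF traffic on the LAN: the LAN subnets are still advertised, but no hellos are sent and no adjacencies form on LAN interfaces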
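
How the routing plan and security design above could translate into configuration on the HQ router, as an added example rather than the repository's own configuration. Interface and object names, DH group 14, pre-shared-key authentication, tunnel numbers and the MTU/MSS values are assumptions; the key strings are placeholders, and the LAN interfaces are assumed to be configured already.

```cisco
! Added example for the HQ router. Assumptions (not from the repository):
! interface/object names, DH group 14, pre-shared keys, tunnel numbers and
! MTU/MSS values. <PSK-BRANCH1> and <PSK-BRANCH2> are placeholders.
!
! IKEv1 phase 1: AES-256 / SHA as listed under Security Design
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key <PSK-BRANCH1> address 203.0.113.2
crypto isakmp key <PSK-BRANCH2> address 203.0.113.3
!
! Phase 2: transport mode, since GRE already supplies the outer IP header
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
crypto ipsec profile GRE-PROTECT
 set transform-set GRE-TS
!
! WAN underlay: addressed, but never enabled for OSPF
interface GigabitEthernet0/0
 ip address 203.0.113.1 255.255.255.0
!
interface Tunnel1
 description HQ - Branch 1
 ip address 172.16.0.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile GRE-PROTECT
!
interface Tunnel2
 description HQ - Branch 2
 ip address 172.16.0.5 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.3
 tunnel protection ipsec profile GRE-PROTECT
!
! OSPF 100, area 0: every interface passive except the two tunnels;
! no network statement covers the WAN subnet 203.0.113.0/24
router ospf 100
 passive-interface default
 no passive-interface Tunnel1
 no passive-interface Tunnel2
 network 172.16.0.0 0.0.0.7 area 0
 network 10.10.0.0 0.0.255.255 area 0
```

Both ends of a tunnel need the same ip mtu value, otherwise the OSPF adjacency stalls in EXSTART/EXCHANGE on the MTU check.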

🧰 Verification Commands (Cisco)

show ip ospf neighbor
show ip route ospf
show interface tunnel <tunnel number>
show crypto isakmp sa
show crypto ipsec sa
ping <remote GRE IP>

Expected Results:

  • All GRE tunnels up
  • OSPF neighbors formed correctly
  • Encrypted traffic counters increasing
  • LAN routes visible in routing table
  • WAN interfaces do not participate in OSPF
