From: Andrew G. Mason (andrew@xxxxxxxxxxxxx)
Date: Fri Jun 15 2001 - 04:14:41 GMT-3
Hi Chuck,
I was just thinking of true IPSec for IP and not considering routing or any
other services.
I work for a rather large ISP in the UK and I implement IPSec daily. It just
seems that every third-party we want to set up a VPN with goes for a GRE
tunnel. I think this is out of a failure to understand how IPSec works
rather for the benefits of the GRE tunnel. We provide the VPNs for back end
access to hosted solutions, using static routes so I still cannot see the
benefit of GRE in this situation.
Also, it gets fun when third-parties try to configure a GRE tunnel to one of
our PIXs :-)
Andrew..
-----Original Message-----
From: Chuck Church [mailto:cchurch@MAGNACOM.com]
Sent: 15 June 2001 00:25
To: Andrew G. Mason; ccielab@groupstudy.com
Subject: RE: IPSec and GRE
If you want to tunnel a non-IP protocol, you need GRE. I think routing
protocols need the simulated point-to-point functionality of a tunnel as
well.
Chuck
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Andrew G. Mason
Sent: Thursday, June 14, 2001 6:40 PM
To: ccielab@groupstudy.com
Subject: IPSec and GRE
Hi,
I see quite a few posts and recommendations to use GRE tunnels with IPSec.
This confuses me because IPSec performs tunnelling in its default
configuration anyway so I cannot see any reason for tunnelling through a
tunnel?
Can anybody give a good reason to use a GRE tunnel instead of the default
IPSec tunnel mode configuration?
Cheers
Andrew G. Mason
CCIE #7144
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3