RE: IPSec and GRE

From: Chuck Church (cchurch@xxxxxxxxxxxx)
Date: Fri Jun 15 2001 - 13:28:34 GMT-3

• Next message: jhuston: "RE: IPSec and GRE"
• Previous message: Varghese Thomas: "Home lab routers"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: jhuston: "RE: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Andrew,

     If it's only IP and no routing protocols, it makes no sense to tunnel
it in GRE. It's more overhead, more complexity, and like you said, not
compatible with PIXs (or probably any other vendor's VPN product. I've
always done IPSec tunnel mode for our customers, using all combinations of
PIX, router, and the VPN concs.

Chuck

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Andrew G. Mason
Sent: Friday, June 15, 2001 3:15 AM
To: Chuck Church; ccielab@groupstudy.com
Subject: RE: IPSec and GRE

Hi Chuck,

I was just thinking of true IPSec for IP and not considering routing or any
other services.

I work for a rather large ISP in the UK and I implement IPSec daily. It just
seems that every third-party we want to set up a VPN with goes for a GRE
tunnel. I think this is out of a failure to understand how IPSec works
rather for the benefits of the GRE tunnel. We provide the VPNs for back end
access to hosted solutions, using static routes so I still cannot see the
benefit of GRE in this situation.

Also, it gets fun when third-parties try to configure a GRE tunnel to one of
our PIXs :-)

Andrew..

-----Original Message-----
From: Chuck Church [mailto:cchurch@MAGNACOM.com]
Sent: 15 June 2001 00:25
To: Andrew G. Mason; ccielab@groupstudy.com
Subject: RE: IPSec and GRE

If you want to tunnel a non-IP protocol, you need GRE. I think routing
protocols need the simulated point-to-point functionality of a tunnel as
well.

Chuck

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Andrew G. Mason
Sent: Thursday, June 14, 2001 6:40 PM
To: ccielab@groupstudy.com
Subject: IPSec and GRE

Hi,

I see quite a few posts and recommendations to use GRE tunnels with IPSec.
This confuses me because IPSec performs tunnelling in its default
configuration anyway so I cannot see any reason for tunnelling through a
tunnel?

Can anybody give a good reason to use a GRE tunnel instead of the default
IPSec tunnel mode configuration?

Cheers

Andrew G. Mason
CCIE #7144
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: jhuston: "RE: IPSec and GRE"
• Previous message: Varghese Thomas: "Home lab routers"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: jhuston: "RE: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3