RE: IPSec and GRE

From: jhuston (jhuston@xxxxxxxxxxx)
Date: Fri Jun 15 2001 - 13:40:25 GMT-3

• Next message: jhuston: "RE: Home lab routers"
• Previous message: Chuck Church: "RE: IPSec and GRE"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: Keith Fuller: "Re: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
It makes more sense to do it your way but, I've never had much luck with
smaller routers and Cisco's VPN secure client.

> -----Original Message-----
> From: Chuck Church [mailto:cchurch@MAGNACOM.com]
> Sent: Friday, June 15, 2001 11:29 AM
> To: Andrew G. Mason; ccielab@groupstudy.com
> Subject: RE: IPSec and GRE
>
>
> Andrew,
>
> If it's only IP and no routing protocols, it makes no
> sense to tunnel
> it in GRE. It's more overhead, more complexity, and like you
> said, not
> compatible with PIXs (or probably any other vendor's VPN
> product. I've
> always done IPSec tunnel mode for our customers, using all
> combinations of
> PIX, router, and the VPN concs.
>
> Chuck
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Andrew G. Mason
> Sent: Friday, June 15, 2001 3:15 AM
> To: Chuck Church; ccielab@groupstudy.com
> Subject: RE: IPSec and GRE
>
>
> Hi Chuck,
>
> I was just thinking of true IPSec for IP and not considering
> routing or any
> other services.
>
> I work for a rather large ISP in the UK and I implement IPSec
> daily. It just
> seems that every third-party we want to set up a VPN with
> goes for a GRE
> tunnel. I think this is out of a failure to understand how IPSec works
> rather for the benefits of the GRE tunnel. We provide the
> VPNs for back end
> access to hosted solutions, using static routes so I still
> cannot see the
> benefit of GRE in this situation.
>
> Also, it gets fun when third-parties try to configure a GRE
> tunnel to one of
> our PIXs :-)
>
>
> Andrew..
>
> -----Original Message-----
> From: Chuck Church [mailto:cchurch@MAGNACOM.com]
> Sent: 15 June 2001 00:25
> To: Andrew G. Mason; ccielab@groupstudy.com
> Subject: RE: IPSec and GRE
>
>
> If you want to tunnel a non-IP protocol, you need GRE. I
> think routing
> protocols need the simulated point-to-point functionality of
> a tunnel as
> well.
>
> Chuck
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Andrew G. Mason
> Sent: Thursday, June 14, 2001 6:40 PM
> To: ccielab@groupstudy.com
> Subject: IPSec and GRE
>
>
> Hi,
>
> I see quite a few posts and recommendations to use GRE
> tunnels with IPSec.
> This confuses me because IPSec performs tunnelling in its default
> configuration anyway so I cannot see any reason for
> tunnelling through a
> tunnel?
>
> Can anybody give a good reason to use a GRE tunnel instead of
> the default
> IPSec tunnel mode configuration?
>
> Cheers
>
>
> Andrew G. Mason
> CCIE #7144
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: jhuston: "RE: Home lab routers"
• Previous message: Chuck Church: "RE: IPSec and GRE"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: Keith Fuller: "Re: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3