Re: IPSec and GRE

From: Keith Fuller (keithfuller@xxxxxxxxxxxxxxx)
Date: Sat Jun 16 2001 - 02:47:19 GMT-3

• Next message: Tariq Sharif: "RE: VIRATASwitch 1000"
• Previous message: Mike Gutknecht: "RE: eigrp with secondary ip"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: Chuck Church: "RE: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Somebody correct this if it is wrong, but one good use for IPSec encrypting
a GRE tunnel is to support encrypted multicast traffic. Currently, IPSec
cannot do multicast packets. But GRE does. I can imagine a gateway-gateway
IPSec tunnel to carry a GRE tunnel which in turn carries your multicast
traffic.
----- Original Message -----
From: "Brant I. Stevens" <bistevens@thrupoint.net>
To: "jhuston" <jhuston@Paracom.com>; <ccielab@groupstudy.com>
Sent: Friday, June 15, 2001 10:05 AM
Subject: Re: IPSec and GRE

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> You can carry multicast traffic over a GRE Tunnel, allowing you to
> run routing protocols, use multicast, etc...
>
> - -Brant
> - ----- Original Message -----
> From: "jhuston" <jhuston@Paracom.com>
> To: <ccielab@groupstudy.com>
> Sent: Friday, June 15, 2001 10:11 AM
> Subject: RE: IPSec and GRE
>
>
> > I know in the cases that I have worked on, that a GRE tunnel clear
> > up timing problems between the various interfaces of a PIX, Router
> > and mobile users. I agree that it seems to be a conservative
> > approach but a workable one.
> >
> >
> >
> > > -----Original Message-----
> > > From: Andrew G. Mason [mailto:andrew@masontech.com]
> > > Sent: Thursday, June 14, 2001 5:40 PM
> > > To: ccielab@groupstudy.com
> > > Subject: IPSec and GRE
> > >
> > >
> > > Hi,
> > >
> > > I see quite a few posts and recommendations to use GRE
> > > tunnels with IPSec.
> > > This confuses me because IPSec performs tunnelling in its default
> > > configuration anyway so I cannot see any reason for
> > > tunnelling through a
> > > tunnel?
> > >
> > > Can anybody give a good reason to use a GRE tunnel instead of
> > > the default
> > > IPSec tunnel mode configuration?
> > >
> > > Cheers
> > >
> > >
> > > Andrew G. Mason
> > > CCIE #7144
> > > **Please read:http://www.groupstudy.com/list/posting.html
> > **Please read:http://www.groupstudy.com/list/posting.html
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBOyokHv8m30XxCss3EQIlOwCdFGuSlV6dcJxYRinvAU7zIygcoxYAnRKH
> 5UCm7WSvmtKQ/8woH2XlcA5G
> =AbYR
> -----END PGP SIGNATURE-----
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html

• Next message: Tariq Sharif: "RE: VIRATASwitch 1000"
• Previous message: Mike Gutknecht: "RE: eigrp with secondary ip"
• Maybe in reply to: Andrew G. Mason: "IPSec and GRE"
• Next in thread: Chuck Church: "RE: IPSec and GRE"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:31:24 GMT-3