From: Hemant_Kumar@xxxxxxxxxx
Date: Mon Jun 03 2002 - 19:37:05 GMT-3
Tom,
IPSEC is used to protect data. Normally it does not support Routing
Protocols such as OSPF, EIGRP (try it with your lab setup).
However if you want to pass your routing protocol between the sites and at
the same time protect the data using IPSEC use following:
1. Create GRE tunnel
2. Then use IPSEC to protect the GRE traffic (not the actuall traffic)
NOTE all traffic between the 2 end point of the GRE tunnel will be
encapsulated into a GRE Packet. Therefore it makes sense to protect the
only GRE traffic using IPSEC. With this configuration you will be able
pass routing protocol between the sites.
So to anwser your question:
Use GRE/IPSEC if you want to pass routing updates between the sites
Use IPSEC if you just want to protect your data. (Need static routing)
HTH
Hemant
Tom Young
<gitsyoung@ya
hoo.co.jp> To: elping <elping@acedsl.com>
06/03/02 (bcc: Hemant Kumar/RM/USR/SHG)
08:23 AM Subject:
Please Re: IPSec&GRE
respond to
Tom Young
Thanks for your reply, would you teach me further, when
could I use IPSec, when could I use GRE and when could I
use the combine of IPSec&GRE?
Thanks
Young
--- elping <elping@acedsl.com> $B$+$i$N%a%C%;!<%8!'(B
> you will notice it is a tunnel if you do a trace
> across ipsec
> it will be one hop
>
>
-----r1(ipsec)-------r2-------r3--------r4-------(ipsec)r5
> if you trace from r1 to r5 it will show one hop
>
> Tom Young wrote:
>
> > A question about the IPSec and GRE, I want to know
> when I
> > use the GRE combine with IPSec, When I only use
> IPSec is
> > ok. Does IPSec has the function of making a
> tunnel?
> >
> > Thanks
> >
> > Young
> >
This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:22 GMT-3