Re: Ipsec over gre tunnel

From: Anthony Pace (anthonypace@xxxxxxxxxxx)
Date: Tue Jun 25 2002 - 20:27:29 GMT-3

• Next message: Anthony Pace: "Re: about dlsw icanreach command"
• Previous message: Anthony Pace: "OSPF summarization & VL"
• Maybe in reply to: Tom Young: "Re: Ipsec over gre tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
How practical would it be to send a "data payload" accross this kind of
link? Routing protocols would seem feasible, but would not the SNA (or
what ever) be in a GRE/IP header then put into an IPSEC packet. How big
could the payload be?

Anthony Pace

On Mon, 24 Jun 2002 00:28:06 -0400, "elping" <elpingu@acedsl.com> said:
> TOM:
>
> The poster asked....
>
> I wonder: what are the reasons to build an IPSec
> > tunnel over a GRE tunnel ?
>
> I answered ..in an spur
> to secure routing protocols..
>
> tom being the case that the poster asked in plural "REASONS..."
> I gave A reason ; one very short ....but true .
>
>
> Tom let's TRY to make you happy....how about
> to secure non-ip protocols ...and routing protocols and .............
>
> EL ping
>
>
> .
>
> Tom Young wrote:
>
> > to secure routing protocols ?
> > I want to ask you SNA is not a routing protocol, so it
> > could pass the internet in principle. If I using a
> > GRE&IPSec, could the SNA pass throught the internet?
> >
> > Thanks
> >
> > --- elpingu <elping@acedsl.com> $B$+$i$N%a%C%;!<%8!'(B
> > > to secure routing protocols
> > >
> > > Carlos G Mendioroz wrote:
> > >
> > > > I wonder: what are the reasons to build an IPSec
> > > tunnel over a GRE
> > > > tunnel ?
> > > >
> > > > I can imagine reasons for the other way arround
> > > (like encypting some
> > > > other protocol using IPSEC)...
> > > >
> > > > Erhan Kurt wrote:
> > > > >
> > > > > In Ipsec, it's better to choose both IOS are the
> > > same.
> > > > >
> > > > > Additionally, make sure:
> > > > > - to put your crypto map on both tunnel and
> > > physical interfaces
> > > > > - to use extended ip access list with exact
> > > source and destination
> > > > >
> > > > > Never Give Up,
> > > > > Erhan
> > > > >
> > > > > -----Original Message-----
> > > > > From: Paul [mailto:p_chopin@yahoo.com]
> > > > > Sent: 16 May}s 2002 Per~embe 10:49
> > > > > To: ccielab@groupstudy.com
> > > > > Subject:
> > > > >
> > > > > Hi guys
> > > > > Did anybody experience problems working on lab
> > > 22
> > > > > from CCIE Bootcamp?I try to make work vpn part
> > > of the
> > > > > lab, but somehow Ipsec doesn't work over the
> > > tunnel.My
> > > > > configs look exactly as the one submitted with
> > > the
> > > > > lab.
> > > > > I wonder is there trick to running Ipsec over
> > > gre
> > > > > tunnel.
> > > > > Paul
> > > >
> > > > --
> > > > Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI
> > > Argentina
> > > >
> > >

• Next message: Anthony Pace: "Re: about dlsw icanreach command"
• Previous message: Anthony Pace: "OSPF summarization & VL"
• Maybe in reply to: Tom Young: "Re: Ipsec over gre tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Jul 02 2002 - 08:12:41 GMT-3