From: Tommy C (tkc9789@xxxxxxxxxxx)
Date: Wed Jul 24 2002 - 22:22:23 GMT-3
To encrypt GRE tunnel you have to apply the crypto map to the GRE tunnel
interface and the physical interface. The ACL is to protect only the GRE
traffic. (permit GRE host ..... host .....) As your packet is already
encapsulated in the GRE tunnel when it's processed by IPSec.
Tommy
>From: "Anthony Pace" <anthonypace@fastmail.fm>
>Reply-To: "Anthony Pace" <anthonypace@fastmail.fm>
>To: ccielab@groupstudy.com
>Subject: IPSEC and GRE
>Date: Thu, 25 Jul 2002 00:32:29 +0000
>
>To encrypt a GRE tunnel is it best to apply the crypto map to the GRE
>tunnel interface or the real interface(s) the traffic will ultimatly
>traverse. If the answer is both, then do I set up the access-list to
>encrypt all IP or just GRE traffic.
>
>I would think that if you applied the map to the real interface, and
>the ACL matched GRE then it would work.
>
>I would think that if you appplied the map to the GRE, and the ACL
>matched all IP then it would also work.
>
>The examples I have seen put it on both. What is the difference and
>does it matter?
>
>Anthony Pace
>--
> Anthony Pace
> anthonypace@fastmail.fm
>
>--
>http://fastmail.fm - Email service worth paying for. Try it for free.
This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:42 GMT-3