From: Szabo, Vilmos (VS183600@exchange.UnitedKingdom.NCR.COM)
Date: Tue Jul 15 2003 - 19:34:04 GMT-3
Joe,
One scenario for IPSec over GRE is 'IPSec Virtual Private Network Resilience
Solutions'; see the link:
http://www.cisco.com/en/US/netsol/ns110/ns170/ns171/ns241/netbr09186a0080185726.html
.. but I would argue with the author on this solution because it requires
two GRE tunnels + two IPSec tunnels between Remote and Central side.
In my opinion it is simpler and more flexible to configure a single IPSec
tunnel so that its SRC and DST are terminated on Loopback interfaces on
Remote and Central site routers and a Dynamic Routing protocol gives the
resiliency for the IPSec tunnel.
Let me know your opinion!
Regards,
Vilmos
-----Original Message-----
From: Joe Deleonardo [mailto:jdeleonardo@cox.net]
Sent: 15 July 2003 19:38
To: cciesecurity@yahoogroups.com; ccielab@groupstudy.com;
security@groupstudy.com
Subject: Re: IPSec over GRE -vs- GRE over IPSec
About the only reason I can think of is if you had a requirement to use AH and
you weren't allowed to do NAT before IPSec and NAT Transparency is not an
option.
----- Original Message -----
From: Joe Deleonardo
To: cciesecurity@yahoogroups.com ; ccielab@groupstudy.com ;
security@groupstudy.com
Sent: Tuesday, July 15, 2003 10:08 AM
Subject: IPSec over GRE -vs- GRE over IPSec
IPSec over GRE -vs- GRE over IPSec.
Alright, is this just a play on words or what? GRE over IPSec makes sense,
it's used to transport non-unicast traffic.
But why would you want to do IPSec over GRE? Does anyone have a link to a
config example? ... if it's something?
Thanks,
Joe
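
A sketch of the single-tunnel design described in the reply at the top of this thread, for the Remote router; this is an added example, not a configuration from the thread or from the linked Cisco document. All addresses (documentation and private ranges), the names VPN and TS-ESP, the key placeholder, the interface names and the choice of OSPF as the dynamic routing protocol are assumptions.

```ios
! Remote router, constructed example. The Central router mirrors this with
! its own Loopback0 (192.0.2.1 here) as the tunnel endpoint.
crypto isakmp policy 10
 encryption aes
 hash sha
 authentication pre-share
 group 5
! Placeholder key; the peer is Central's loopback, not a WAN interface address
crypto isakmp key <PRE-SHARED-KEY> address 192.0.2.1
!
crypto ipsec transform-set TS-ESP esp-aes esp-sha-hmac
!
! Source IKE and IPSec from the loopback so the SAs do not depend on
! whichever WAN interface the packets happen to leave through
crypto map VPN local-address Loopback0
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set TS-ESP
 match address 110
!
interface Loopback0
 ip address 198.51.100.1 255.255.255.255
!
! The same crypto map is applied to both uplinks
interface Serial0/0
 ip address 10.0.1.2 255.255.255.252
 crypto map VPN
!
interface Serial0/1
 ip address 10.0.2.2 255.255.255.252
 crypto map VPN
!
! The routing protocol keeps both loopbacks reachable over either link,
! which is what provides the resiliency for the single tunnel
router ospf 1
 network 198.51.100.1 0.0.0.0 area 0
 network 10.0.1.0 0.0.0.3 area 0
 network 10.0.2.0 0.0.0.3 area 0
 network 172.16.10.0 0.0.0.255 area 0
!
! Traffic to protect: Remote LAN to Central LAN
access-list 110 permit ip 172.16.10.0 0.0.0.255 172.16.0.0 0.0.0.255
```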
This archive was generated by hypermail 2.1.4 : Wed Aug 06 2003 - 06:52:40 GMT-3