Re: Ipsec and gre

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Fri Jan 23 2009 - 13:16:09 ARST


Hi,

You can run IPsec in transport mode and save 20 bytes since GRE has already
encapsulated the original data packet so you do not need IPsec to encapsulate
the GRE IP packet in another IP header.
When running IPsec in transport mode, there is a restriction that the IP
source and destination addresses of the packet to be encrypted must match the
IPsec peer addresses (the router itself). In this case, this just means that
the GRE tunnel endpoint and IPsec peer addresses must be the same. This is not
a problem since the same routers are both the IPsec and GRE tunnel endpoints.

Regards,

  ----- Original Message -----
  From: Sadiq Yakasai
  To: George Murage
  Cc: Edouard Zorrilla ; Stuart Hare ; OSL Lab Exam ; security@groupstudy.com
; ccielab@groupstudy.com
  Sent: Friday, January 23, 2009 9:55 AM
  Subject: Re: Ipsec and gre

  Does it not matter if you are doing transport or tunnel mode? Where one only
protects the body and the other protects the whole packet in a new header?

  Shed more light here gurus!

  Thanks,

  Sadiq
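
The setup described in the reply at the top of this message, as an added Cisco IOS configuration sketch for one of the two routers; it is not part of the original thread. The addresses (192.0.2.1 local, 192.0.2.2 remote), the interface names, and the names GRE-TS, GRE-MAP and ACL 101 are constructed for illustration, and IKE phase 1 (ISAKMP policy and key) is assumed to be configured already.

```cisco
! Transform set: tunnel mode is the default, so transport mode
! has to be requested explicitly.
crypto ipsec transform-set GRE-TS esp-aes esp-sha-hmac
 mode transport
!
! Crypto ACL: match only the GRE packets between the two tunnel
! endpoints. Their source and destination are the routers
! themselves, which is what transport mode requires.
access-list 101 permit gre host 192.0.2.1 host 192.0.2.2
!
crypto map GRE-MAP 10 ipsec-isakmp
 ! The IPsec peer is the same address as the GRE tunnel destination.
 set peer 192.0.2.2
 set transform-set GRE-TS
 match address 101
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 ! GRE endpoints: must equal the local and remote IPsec peer addresses.
 tunnel source 192.0.2.1
 tunnel destination 192.0.2.2
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ! Apply the crypto map on the physical interface the GRE packets leave from.
 crypto map GRE-MAP
```

Once the SA is up, `show crypto ipsec sa` reports the negotiated mode under "in use settings", which confirms whether transport mode was actually applied.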


This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST