RE: About GRE over IPSEC from Laidlaw, Patrick A. on 2011-04-14 (Ccielab archives 04/2011)

From: Laidlaw, Patrick A. <Patrick.Laidlaw_at_wwt.com>
Date: Thu, 14 Apr 2011 11:12:14 -0500

Oh I see what you mean by the question I guess I was looking at it in the way of evolution of common practice.

-----Original Message-----
From: Sasa Milic [mailto:smilic2_at_asseco-see.rs]
Sent: Wednesday, April 13, 2011 11:14 PM
To: Laidlaw, Patrick A.
Cc: ccie; ccielab_at_groupstudy.com
Subject: Re: About GRE over IPSEC

Amin asked about GRE over IPSec, that means that he would like to
encrypt tunnel interface (including data that is inside the tunnel).
That requires crypto map to be applied on the physical interface that
transports tunnel.

If crypto map is applied to tunnel interface, shouldn't that be IPSec
over GRE?

Regards,
Sasa

Laidlaw, Patrick A. wrote:
> I think you are looking at the original way people had envisioned gre over ipsec. You encyprt the tunnel from gre termination point to gre termination point and the traffic from site to site rides the gre tunnel which the gre tunnel is then encrypted.

>
> I believe most people apply the crypto to the tunnel interface to encrypt the data packets riding the tunnel and not the gre.
>
> Patrick
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Sasa Milic
> Sent: Wednesday, April 13, 2011 5:19 AM
> To: ccie
> Cc: ccielab_at_groupstudy.com
> Subject: Re: About GRE over IPSEC
>
> Shouldn't crypto map be applied to physical interface, not the tunnel?
> It was changed somewhere around 12.2T ...
>
> Regards,
> Sasa
>
>
> ccie wrote:
>> Hello experts,
>>
>> Is there any change in the configuration wise of GRE over IPSEC in IOS 15.0
>>
>> I configure everything apply it to the physical port, then try to apply the
>> crypto map on the tunnel interface, but I got this error
>>
>>
>>
>> Currently only GDOI crypto map is supported on tunnel interface
>>
>>
>>
>> Regards,
>>
>> Amin
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>
> ________________________________
> This communication is for informational purposes only. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Present message and any attached files may be or contain privileged information and is the property exclusive of ASSECO SEE CAPITAL GROUP. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. The information contained in this message is solely intended for the physical or legal person to whom it is addressed and to the authorized persons for receiving it. In the case you are not the intended recipient or the authorized person to receive this message, we inform that disclosure, duplicate, distribution or taking up any actions on information contained in this message are strictly forbidden and are under civil and legal responsibility. In case you received it by error, you are requested to noti
fy!
> the sender and to destroy the original e-mail message from your system. Opinions, conclusions or any other information contained into this message, which are not related to ASSECO SEE CAPITAL GROUP activity must not be understood to be expressed or endorsed by ASSECO SEE CAPITAL GROUP. The interpretation expressed in the present message did not reflect ASSECO SEE CAPITAL GROUP opinion.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
> .
>

________________________________
This communication is for informational purposes only. All market prices, data and other information are not warranted as to completeness or accuracy and are subject to change without notice. Present message and any attached files may be or contain privileged information and is the property exclusive of ASSECO SEE CAPITAL GROUP. This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. The information contained in this message is solely intended for the physical or legal person to whom it is addressed and to the authorized persons for receiving it. In the case you are not the intended recipient or the authorized person to receive this message, we inform that disclosure, duplicate, distribution or taking up any actions on information contained in this message are strictly forbidden and are under civil and legal responsibility. In case you received it by error, you are requested to notify!
the sender and to destroy the original e-mail message from your system. Opinions, conclusions or any other information contained into this message, which are not related to ASSECO SEE CAPITAL GROUP activity must not be understood to be expressed or endorsed by ASSECO SEE CAPITAL GROUP. The interpretation expressed in the present message did not reflect ASSECO SEE CAPITAL GROUP opinion.

Blogs and organic groups at http://www.ccie.net
Received on Thu Apr 14 2011 - 11:12:14 ART

This archive was generated by hypermail 2.2.0 : Sun May 01 2011 - 09:00:29 ART