Hi,
Yes, SVTI (tunnel mode ipsec ipv4) uses direct ESP encapsulation, so you
don9t have the extra GRE tunnel header.
SVTI is basically the old crypto-map implementation, just that you now
have an interface allocated for the IPsec tunnel, thus the added benefits
like for example dynamic routing and Real QoS.
There are also other differences, like for example the tunnel state: SVTI
tunnel is up only after Ipsec SA has been successfully negotiated (cause
it uses direct ESP encapsulation), while PTP GRE tunnel is up as long as
you have a route to the tunnel destination; also the proy-acl looks
different, not that you are really interested into that in most cases.
Regards,
Cristian Matei, 2 x CCIE #23684 (R&S/SC)
cmatei_at_INE.com
Internetwork Expert, Inc.
http://www.INE.com
On 16/04/14 05:58, "Daniel Barney" <daniel.barney.b_at_hotmail.com> wrote:
>Hello experts!
>I have a quick question, hope you could clarify my doubt.
>When using IPSec on a tunnel interface.
>Does the tunnel mode ipsec ipv4 insted of adding the GRE payload, it only
>adds the ESP payload?
>
>So when using tunnel mode gre and tunnel protection ipsec, we will have
>GRE paylod + ESP paylod?
>
>Please correct me if I am wrong!
>Thank you all!
>
>---
>Daniel Barney Briseqo
>"El ultimo minuto tambiin tiene 60 segundos"
>Cel: (55) 31 00 52 26
>
>
>Blogs and organic groups at http://www.ccie.net
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Apr 16 2014 - 04:55:26 ART
This archive was generated by hypermail 2.2.0 : Thu May 08 2014 - 13:53:43 ART