routing protocols over IPSEC

hi.622823
Level 1

why can't you run a routing protocol in IPSEC tunnel mode? why do you need GRE to run a routing protocol?

1 Accepted Solution


Richard Burts
Hall of Fame

Most of the dynamic routing protocols use multicast addressing or broadcast addressing for the destination address. IPSec processes unicast IP traffic. This is the reason that we have traditionally used GRE which can easily pass multicast and broadcast traffic within the tunnel as the way to run routing protocols over IPSec tunnels. With GRE the multicast routing protocol traffic is encapsulated in a GRE packet which has a unicast source and destination address.

HTH

Rick

thanks for the response, rick.

just had a quick follow up. doesn't ipsec tunnel mode already encapsulate a unicast ip address? i figured we could trigger ipsec with some sort of "permit eigrp" statement in the crypto acl (assuming we're using eigrp). is this feasible?

Yes, ipsec already encapsulates a unicast IP address (this is part of what I said in my previous response). But ipsec does not encapsulate multicast. And EIGRP uses multicast packets.

HTH

Rick
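
The point made in the replies above, as an added Python sketch that is not part of the original thread: an EIGRP hello addressed to 224.0.0.10 is never selected by a crypto ACL, while the same hello wrapped in GRE has a unicast outer header that a "permit gre" entry between the tunnel endpoints does select. `crypto_acl_match` is a hypothetical, simplified model of the unicast-only behaviour described in the thread, not Cisco's implementation, and all addresses and the payload are constructed.

```python
import struct
from ipaddress import IPv4Address, ip_network

EIGRP, GRE = 88, 47            # IANA IP protocol numbers
EIGRP_GROUP = "224.0.0.10"     # multicast group EIGRP hellos are sent to

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0) followed by payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, IPv4Address(src).packed,
                       IPv4Address(dst).packed) + payload

def gre_encap(tunnel_src, tunnel_dst, inner):
    """Basic GRE: no flags, protocol type 0x0800 (IPv4), unicast outer header."""
    gre_header = struct.pack("!HH", 0, 0x0800)
    return ipv4(tunnel_src, tunnel_dst, GRE, gre_header + inner)

def parse(pkt):
    """Return (src, dst, protocol) of the outermost IPv4 header."""
    return IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20]), pkt[9]

def crypto_acl_match(pkt, acl):
    """Assumed model: multicast/broadcast destinations are never handed to
    IPsec; unicast packets are matched against (proto, src_net, dst_net)."""
    src, dst, proto = parse(pkt)
    if dst.is_multicast or dst == IPv4Address("255.255.255.255"):
        return False
    return any(proto == p and src in ip_network(s) and dst in ip_network(d)
               for p, s, d in acl)

# Constructed sample data: documentation addresses, placeholder EIGRP payload.
HELLO = ipv4("10.0.0.1", EIGRP_GROUP, EIGRP, b"constructed-hello")
TUNNEL = gre_encap("192.0.2.1", "198.51.100.1", HELLO)
PERMIT_EIGRP_ANY = [(EIGRP, "0.0.0.0/0", "0.0.0.0/0")]          # "permit eigrp any any"
PERMIT_GRE_PEERS = [(GRE, "192.0.2.1/32", "198.51.100.1/32")]   # "permit gre host host"

if __name__ == "__main__":
    print("bare hello selected by 'permit eigrp':",
          crypto_acl_match(HELLO, PERMIT_EIGRP_ANY))
    print("GRE-wrapped hello selected by 'permit gre':",
          crypto_acl_match(TUNNEL, PERMIT_GRE_PEERS))
    print("inner destination still multicast:",
          parse(TUNNEL[24:])[1].is_multicast)
```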