Another GRE question for the week

Unanswered Question
Sep 18th, 2008

I have terminated an IPsec tunnel on two ASAs. Behind the ASAs I have routers forming an EIGRP adjacency using GRE over the IPsec tunnel. Does GRE also encapsulate the IPsec interesting traffic (unicast from the client applications) through the IPsec tunnel, or just the routing traffic (non-IP) for EIGRP? I am planning to implement QoS.



Francisco

Overall Rating: 3.5 (2 ratings)
Giuseppe Larosa Thu, 09/18/2008 - 04:58

Hello Francisco,

Usually, with point-to-point GRE over IPSec, the interesting traffic can be only the GRE packets themselves, or GRE plus something else.


Every IP subnet advertised in EIGRP over the GRE tunnel will be encapsulated as GRE and then in IPSec.


See:


http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2_external_docbase_0900e4b180a3efed_4container_external_docbase_0900e4b180ad8740.html


Hope to help

Giuseppe

satish_zanjurne Thu, 09/18/2008 - 05:17


It is like


Data Traffic---->Encapsulation GRE------>Encrypted IPSec.


So while defining interesting traffic, you need to define GRE traffic as interesting, like:


access-list 101 permit gre a.b.c.0 x.x.x.x e.f.g.0 x.x.x.x


where a.b.c.0 is the subnet connecting the ASA and the router behind the ASA.


HTH..rate if helpful..

francisco_1 Thu, 09/18/2008 - 05:19

So once the unicast is encapsulated using GRE by the routers, the ASA will only see the GRE traffic and then encrypt it. Right?
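The layering discussed in this thread, as an added Python example that is not part of the original posts: it builds a client unicast packet and an EIGRP hello, GRE-encapsulates both as the routers would, and models a `permit gre` crypto ACL that matches only on the outer header. All addresses, subnets and function names are constructed for illustration.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IP protocol number for GRE

def ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (checksum left at 0 for brevity) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

def gre_encap(inner, tun_src, tun_dst):
    """Router step: basic 4-byte GRE header (no flags, protocol type 0x0800 = IPv4)."""
    return ipv4(tun_src, tun_dst, GRE_PROTO, struct.pack("!HH", 0, 0x0800) + inner)

def outer_view(pkt):
    """What a device reading only the outer IP header sees: (protocol, src, dst)."""
    return (pkt[9], str(ipaddress.IPv4Address(pkt[12:16])),
            str(ipaddress.IPv4Address(pkt[16:20])))

def crypto_acl_match(pkt, src_net, dst_net):
    """Model of 'permit gre <src subnet> <dst subnet>' as the interesting-traffic ACL."""
    proto, src, dst = outer_view(pkt)
    return (proto == GRE_PROTO
            and ipaddress.ip_address(src) in ipaddress.ip_network(src_net)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(dst_net))

# Constructed sample topology (assumed values, not from the thread).
TUN_SRC, TUN_DST = "192.168.1.2", "192.168.2.2"       # router tunnel endpoints
SRC_NET, DST_NET = "192.168.1.0/24", "192.168.2.0/24"  # ASA-to-router subnets

# Client unicast (TCP, protocol 6) and an EIGRP hello (protocol 88 to 224.0.0.10).
CLIENT_PKT = ipv4("10.1.1.10", "10.2.2.20", 6, b"app-data")
EIGRP_PKT = ipv4("172.16.0.1", "224.0.0.10", 88, b"hello")

TUNNELED_CLIENT = gre_encap(CLIENT_PKT, TUN_SRC, TUN_DST)
TUNNELED_EIGRP = gre_encap(EIGRP_PKT, TUN_SRC, TUN_DST)

if __name__ == "__main__":
    for name, pkt in [("client, raw", CLIENT_PKT),
                      ("client, in GRE", TUNNELED_CLIENT),
                      ("EIGRP, in GRE", TUNNELED_EIGRP)]:
        print(f"{name:15} outer={outer_view(pkt)} "
              f"encrypted={crypto_acl_match(pkt, SRC_NET, DST_NET)}")
```

Both tunneled packets present the same outer protocol and addresses, so a classifier on the ASA that reads only the outer header cannot tell client traffic from routing traffic by address or port.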
