Another GRE question for the week

Unanswered Question
Sep 18th, 2008
User Badges:
  • Gold, 750 points or more

I have terminated ipsec tunnel on two ASA'S, beind the ASA's i have routers forming EIGRP adjacency using the GRE over the ipsec tunnel. Does GRE encapsulate also the ipsec interesting traffic (unicast from the client applications) through the ipsec tunnel or just the routing traffic (None IP) for EIGRP? I am planning to implement QoS.



Francisco

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Giuseppe Larosa Thu, 09/18/2008 - 04:58
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Francisco,

usually if point-to-point GRE over IPSec interesting traffic can be only the GRE packets themselves or GRE plus something else


Every IP subnet advertised in eigrp over the GRE tunnel will be encapsulated as GRE and then in IPSec.


see


http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2_external_docbase_0900e4b180a3efed_4container_external_docbase_0900e4b180ad8740.html


Hope to help

Giuseppe

satish_zanjurne Thu, 09/18/2008 - 05:17
User Badges:
  • Silver, 250 points or more


It is like


Data Traffic---->Encapsulation GRE------>Encrypted IPSec.


So while defining interesting traffic , you need to define GRE traffic as interesting like


access-list 101 permit gre a.b.c.0 x.x.x.x e.f.g.0 x.x.x.x


where a.b.c.0 is the subnet connecting ASA & router behind ASA..


HTH..rate if helpful..

francisco_1 Thu, 09/18/2008 - 05:19
User Badges:
  • Gold, 750 points or more

so once the unicast is enacpsulated using GRE by the routers, the ASA will only see the GRE traffic and then encrypt it. right.

Actions

This Discussion