Another GRE question for the week

Unanswered Question
Sep 18th, 2008

I have terminated an IPsec tunnel on two ASAs; behind the ASAs I have routers forming an EIGRP adjacency using GRE over the IPsec tunnel. Does GRE also encapsulate the IPsec interesting traffic (unicast from the client applications) through the IPsec tunnel, or just the routing traffic (non-IP) for EIGRP? I am planning to implement QoS.

Francisco

Giuseppe Larosa Thu, 09/18/2008 - 04:58

Hello Francisco,

Usually, with point-to-point GRE over IPSec, the interesting traffic can be only the GRE packets themselves, or GRE plus something else.

Every IP subnet advertised in EIGRP over the GRE tunnel will be encapsulated as GRE and then in IPSec.

See

http://www.cisco.com/en/US/docs/solutions/Enterprise/WAN_and_MAN/P2P_GRE_IPSec/1_p2pGRE_Phase2_external_docbase_0900e4b180a3efed_4container_external_docbase_0900e4b180ad8740.html

Hope to help

Giuseppe

satish_zanjurne Thu, 09/18/2008 - 05:17

It is like

Data Traffic---->Encapsulation GRE------>Encrypted IPSec.

So while defining interesting traffic, you need to define GRE traffic as interesting, like

access-list 101 permit gre a.b.c.0 x.x.x.x e.f.g.0 x.x.x.x

where a.b.c.0 is the subnet connecting ASA & router behind ASA..

HTH..rate if helpful..
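
An added illustration of the layering described above (not code from any poster in this thread). All addresses are constructed, and the ACL masks are assumed to be IOS-style wildcard masks. It builds a client packet, GRE-encapsulates it as the router would, and evaluates a `permit gre` entry against the outer header, which is all the encrypting device has to match on.

```python
import ipaddress
import struct

GRE_PROTO, TCP_PROTO = 47, 6

def ipv4_header(src, dst, proto, payload_len, tos=0):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this illustration)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + payload_len, 0, 0, 64,
                       proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def gre_encapsulate(inner_packet, tunnel_src, tunnel_dst):
    """Router step: basic GRE header (no flags, type 0x0800 = IPv4) plus outer IP header."""
    gre = struct.pack("!HH", 0, 0x0800) + inner_packet
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre)) + gre

def parse_outer(packet):
    """Protocol, source and destination of the outermost IP header only."""
    return (packet[9],
            ipaddress.IPv4Address(packet[12:16]),
            ipaddress.IPv4Address(packet[16:20]))

def acl_permits(packet, proto, src_net, src_wild, dst_net, dst_wild):
    """Evaluate one 'permit <proto> <src> <wildcard> <dst> <wildcard>' entry."""
    def match(addr, net, wild):
        care = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wild))  # bits that must match
        return int(addr) & care == int(ipaddress.IPv4Address(net)) & care
    p, src, dst = parse_outer(packet)
    return p == proto and match(src, src_net, src_wild) and match(dst, dst_net, dst_wild)

# Constructed sample: client 10.1.1.10 -> 10.2.2.20 over TCP (dummy 20-byte TCP header).
INNER = ipv4_header("10.1.1.10", "10.2.2.20", TCP_PROTO, 20) + bytes(20)
# Constructed tunnel endpoints on the router-to-ASA subnets (assumed values).
OUTER = gre_encapsulate(INNER, "172.16.1.2", "172.16.2.2")
# Same shape as: access-list 101 permit gre a.b.c.0 x.x.x.x e.f.g.0 x.x.x.x
CRYPTO_ACL = (GRE_PROTO, "172.16.1.0", "0.0.0.255", "172.16.2.0", "0.0.0.255")

if __name__ == "__main__":
    print("outer header seen by the ASA:", parse_outer(OUTER))
    print("GRE packet matches crypto ACL:", acl_permits(OUTER, *CRYPTO_ACL))
    print("raw client packet matches crypto ACL:", acl_permits(INNER, *CRYPTO_ACL))
```
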

francisco_1 Thu, 09/18/2008 - 05:19

So once the unicast is encapsulated using GRE by the routers, the ASA will only see the GRE traffic and then encrypt it, right?
