09-18-2008 04:33 AM - edited 03-03-2019 11:36 PM
I have terminated ipsec tunnel on two ASA'S, beind the ASA's i have routers forming EIGRP adjacency using the GRE over the ipsec tunnel. Does GRE encapsulate also the ipsec interesting traffic (unicast from the client applications) through the ipsec tunnel or just the routing traffic (None IP) for EIGRP? I am planning to implement QoS.
Francisco
09-18-2008 04:58 AM
Hello Francisco,
usually if point-to-point GRE over IPSec interesting traffic can be only the GRE packets themselves or GRE plus something else
Every IP subnet advertised in eigrp over the GRE tunnel will be encapsulated as GRE and then in IPSec.
see
Hope to help
Giuseppe
09-18-2008 05:17 AM
It is like
Data Traffic---->Encapsulation GRE------>Encrypted IPSec.
So while defining interesting traffic , you need to define GRE traffic as interesting like
access-list 101 permit gre a.b.c.0 x.x.x.x e.f.g.0 x.x.x.x
where a.b.c.0 is the subnet connecting ASA & router behind ASA..
HTH..rate if helpful..
09-18-2008 05:19 AM
so once the unicast is enacpsulated using GRE by the routers, the ASA will only see the GRE traffic and then encrypt it. right.
09-18-2008 05:29 AM
It is right !!!!!!
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: