Unanswered Question
May 19th, 2009

I've been reading this configuration example to help set up OSPF over a VPN.


The difference, in my case, is that the second VPN peer is a Cisco 861 IOS based router. Can IOS do OSPF over the site-to-site VPN, or is a GRE tunnel needed? Where can I find reference material to help me set this up?

Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Laurent Aubert Wed, 05/20/2009 - 06:13


IOS doesn't support this configuration. You need to go with a GRE tunnel.



patucker Thu, 06/04/2009 - 11:14

What is the downside of SVTI (static virtual tunnel interface) compared to GRE?

rakesh.hegde Thu, 06/04/2009 - 14:04


You can use static VTIs with or with out GRE. The difference is with the way router builds the IPSEC SA proxies. If you use the default gre mode, the traffic hitting the tunnel interface is GRE encapsulated using tunnel source and destination ips and then the IPSEC SAs is built using same source and destination ips. This means that tunnel source and destination IPs must be reachable. This is pretty much the only downside I can think of. In a traditional GRE over IPSEC set up you don't have this requirement (you use IPSEC to provide tunnel end point reach ability).

So, if you want encrypt multicast with out GRE encapulation you can use VTI in tunnel mode (tunnel mode ipsec ipv4). In this case the router builds IPSEC SAs for all source and destination ( using tunnel source and destination ip.




This Discussion