Aug 9th, 2010
Dear all,

I have a confusion. In theory, a GRE tunnel is for dynamic routing protocols over IPsec. In my practice, I implemented an IPsec tunnel without GRE, then used OSPF as a routing protocol, and they are also exchanging their routing information. In this case, I think there is no reason to use GRE. Please explain GRE in detail. Any response will be appreciated.

Thank you

Jennifer Halim (Cisco Employee), Mon, 08/09/2010 - 02:54

An IPSec tunnel does not natively support multicast traffic, and dynamic routing protocols by default run on multicast.

You would need to check whether the routing updates are exchanged via multicast, or whether there is a neighbour statement that changed them to unicast, hence it works through the IPSec tunnel. If you would like to use the native multicast dynamic routing protocols through the IPSec tunnel, you would need to encapsulate that multicast traffic in GRE first, prior to it being encrypted with IPSec.

Another possibility, apart from it being unicast traffic, is that the routing updates are possibly exchanged NOT through the IPSec tunnel, but through your backdoor (possibly an MPLS cloud) internally.

Hope that answers your question.
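
An added example, not part of the original thread: a small Python check of the three cases the reply distinguishes (multicast OSPF, unicast OSPF to a configured neighbour, OSPF multicast carried inside GRE) against IPsec traffic selectors. The selectors are modelled as source/destination prefix pairs in the manner of a crypto ACL, ignoring protocol, and all addresses and packets are constructed for illustration.

```python
import ipaddress
import struct

OSPF, GRE = 89, 47  # IP protocol numbers

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left at 0) for the constructed samples."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 1, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def parse_ipv4(pkt):
    """Return (protocol, source, destination, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9], ipaddress.ip_address(pkt[12:16]), ipaddress.ip_address(pkt[16:20]), pkt[ihl:]

def gre_payload(gre):
    """Skip the GRE header, including optional checksum, key and sequence fields."""
    flags = struct.unpack("!H", gre[:2])[0]
    optional = sum(4 for bit in (0x8000, 0x2000, 0x1000) if flags & bit)
    return gre[4 + optional:]

def classify(pkt, selectors):
    """Return (traffic kind, True if the outer packet matches an IPsec selector)."""
    proto, src, dst, payload = parse_ipv4(pkt)
    protected = any(src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
                    for s, d in selectors)
    if proto == OSPF:
        kind = "ospf-multicast" if dst.is_multicast else "ospf-unicast"
    elif proto == GRE:
        inner_proto, _, inner_dst, _ = parse_ipv4(gre_payload(payload))
        carried = inner_proto == OSPF and inner_dst.is_multicast
        kind = "gre-carrying-ospf-multicast" if carried else "gre-other"
    else:
        kind = "other"
    return kind, protected

# Constructed samples: site LANs 10.1.0.0/16 and 10.2.0.0/16, tunnel endpoints
# 192.0.2.1 and 198.51.100.1 (documentation addresses, assumed for illustration).
LAN_SELECTORS = [("10.1.0.0/16", "10.2.0.0/16")]
GRE_SELECTORS = [("192.0.2.1/32", "198.51.100.1/32")]
HELLO_MCAST = ipv4("10.1.0.1", "224.0.0.5", OSPF)   # default OSPF hello (AllSPFRouters)
HELLO_UCAST = ipv4("10.1.0.1", "10.2.0.1", OSPF)    # hello sent to a configured neighbour
HELLO_IN_GRE = ipv4("192.0.2.1", "198.51.100.1", GRE,
                    struct.pack("!HH", 0, 0x0800) + ipv4("172.16.0.1", "224.0.0.5", OSPF))

if __name__ == "__main__":
    for name, pkt, sel in (("multicast hello", HELLO_MCAST, LAN_SELECTORS),
                           ("unicast hello", HELLO_UCAST, LAN_SELECTORS),
                           ("hello inside GRE", HELLO_IN_GRE, GRE_SELECTORS)):
        print(name, classify(pkt, sel))
```

A multicast hello that reports `False` for the selector match is either not leaving the site or leaving it outside the encrypted tunnel, which is the situation the reply says to rule out.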

