Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

IPSec+OSPF, using Tunnel GRE/IP or IPSEC/IP

Unanswered Question
Nov 21st, 2006
User Badges:


i'm using IPSec+OSPF. There're the two possible solutions for protocol/transprot using Tunnel Interfaces:

a) GRE/IP with crypto-map, or

b) IPSEC/IP with crypto ipsec profile

What are the advantage/disadvantage using a) or b)...?

My main connection is based on direct Ethernet, but the backup solution depends on an E1 dialer-profile, so it's difficult to use dynamic routing for transport tunnel-source/-destination addresses and avoid from routing these addresse through the tunnel...



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
a-vazquez Mon, 11/27/2006 - 10:17
User Badges:
  • Silver, 250 points or more

IPSec supports the encryption of unicast IP traffic only. Therefore, routing protocols like Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF) and non-IP traffic like Internetwork Packet Exchange (IPX) and AppleTalk are unable to be encrypted using IPSec. Encapsulate such traffic in Generic Routing Encapsulation (GRE) before encryption, using a GRE over an IPSec configuration. With GRE over IPSec, traffic will be encapsulated first and then encrypted.

Try this link:



This Discussion