Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
596
Views
0
Helpful
1
Replies

IPSec+OSPF, using Tunnel GRE/IP or IPSEC/IP

fmasson
Level 1
Level 1

‎11-21-2006 10:51 AM - edited ‎02-21-2020 02:44 PM

Hi,

i'm using IPSec+OSPF. There're the two possible solutions for protocol/transprot using Tunnel Interfaces:

a) GRE/IP with crypto-map, or

b) IPSEC/IP with crypto ipsec profile

What are the advantage/disadvantage using a) or b)...?

My main connection is based on direct Ethernet, but the backup solution depends on an E1 dialer-profile, so it's difficult to use dynamic routing for transport tunnel-source/-destination addresses and avoid from routing these addresse through the tunnel...

regards

Frank

Labels:
0 Helpful
1 Reply 1

a-vazquez
Level 6
Level 6

‎11-27-2006 10:17 AM

IPSec supports the encryption of unicast IP traffic only. Therefore, routing protocols like Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF) and non-IP traffic like Internetwork Packet Exchange (IPX) and AppleTalk are unable to be encrypted using IPSec. Encapsulate such traffic in Generic Routing Encapsulation (GRE) before encryption, using a GRE over an IPSec configuration. With GRE over IPSec, traffic will be encapsulated first and then encrypted.

Try this link:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00800a43f6.shtml

0 Helpful
Customers Also Viewed These Support Documents