Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GRE + IPSec vs IPSec

I have central site and 8 brunches and I need to create tunnel to them to exchange ip traffic only. It can be done in two ways

1. create GRE tunnel and encript it by IPSec.

2. Do not create GRE tunnel. Use only IPSEC.

First approach has two advantages.

a)tunnel interfaces can be easily shutdowned

b)different access lists can be applied to each tunnel interface

Drawbacks-some overhead and lower mtu. But I still can't made my mind what is better. Can anyone share thought and personal experience about better way to configure tunnels.

  • Other Security Subjects
1 REPLY
Cisco Employee

Re: GRE + IPSec vs IPSec

Hi Lavon,

Another thing you may want to keep in mind while considering this is "Multicast/Broadcast traffic". You can run routing protocols through the GRE/IPSEC solution and non-IP traffic aswell in case you need it in the future.

Hope this helps,

Regards,

Aamir

-=-

208
Views
0
Helpful
1
Replies