GRE / IPSec w/ dynamic routing question

jrogalski · ‎07-30-2002

Hello,

I am setting up GRE tunnels between routers (35) using the serial interfaces as the sources and destinations for the tunnels (NAT is not being used). From all documentation I have read, I would need a crypto map and an access-list permitting GRE from source to destination for each tunnel/peer. If dynamic routing is setup and the tunnel from A to C goes down while tunnel A to B and tunnel B to C are still up, will IPSec get hosed when routing data that should go directly A to C when it tries A to B to C? I am not sure if IPSec would see this new path (A to B to C) as two seperate IPSec encrypts/decrypts since it will be taking two different GRE tunnels on two different routers. Any thoughts or pointers would be appreciated.

Thanks,

John.

paqiu · ‎07-30-2002

Hi John,

The IPSEC with GRE tunnel will try A to B to C when A to C's tunnel down.

Let's just assume that you do not use IPSEC to encrypte the GRE tunnel, above situation will be working for sure.

When we encrypted the GRE tunnel, we actually encrypted the traffic from one host to another host (ip address of one serial interface and ip address of another serial interface). This process is trsnparent to all your user data traffic or routing protocol.

So all the OSPF , EIGRP routing mechanism will be all working fine with your 35 routers hub and spoke or fully meshed GRE tunnel with IPSEC networks.

They can dynamically find the best routes if some tunnels down.

Best Regards,