I am setting up GRE tunnels between routers (35) using the serial interfaces as the sources and destinations for the tunnels (NAT is not being used). From all documentation I have read, I would need a crypto map and an access-list permitting GRE from source to destination for each tunnel/peer. If dynamic routing is setup and the tunnel from A to C goes down while tunnel A to B and tunnel B to C are still up, will IPSec get hosed when routing data that should go directly A to C when it tries A to B to C? I am not sure if IPSec would see this new path (A to B to C) as two seperate IPSec encrypts/decrypts since it will be taking two different GRE tunnels on two different routers. Any thoughts or pointers would be appreciated.
The IPSEC with GRE tunnel will try A to B to C when A to C's tunnel down.
Let's just assume that you do not use IPSEC to encrypte the GRE tunnel, above situation will be working for sure.
When we encrypted the GRE tunnel, we actually encrypted the traffic from one host to another host (ip address of one serial interface and ip address of another serial interface). This process is trsnparent to all your user data traffic or routing protocol.
So all the OSPF , EIGRP routing mechanism will be all working fine with your 35 routers hub and spoke or fully meshed GRE tunnel with IPSEC networks.
They can dynamically find the best routes if some tunnels down.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :