Help

ciscoalltheway
Level 1

PIX501->C1841->Network Cloud->C1841->PIX501

Both Cisco 1841s run GRE. So is the link secure if GRE is running on both C1841s instead of running on the PIX501s? Please advise or correct me. Thank you very much; any help is deeply appreciated.

4 Replies

jackko
Level 7

GRE doesn't provide encryption at all. That means anyone along the path between the two sites can sniff sensitive/confidential information.

If security is a concern, perhaps you may set up an IPsec VPN between the PIX501s. This solution works only if both PIX501s have a public IP.

Jack is correct that GRE does not provide much security. What you transmit is slightly obscured because the source and destination addresses are the router addresses, not your address or the real destination. But the content of the message is clear text, which can be sniffed, etc.

If you are concerned about securing the communication through the Internet then you should consider something like IPSec. It is possible to run IPSec between the two PIX or between the two 1841s. I would probably suggest running it between the 1841s. It is easy to combine GRE with IPSec tunnels. I have implemented this a number of times and it works quite well.

HTH


Rick
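The point made in the replies above (GRE replaces the visible addresses with the routers' addresses but leaves the content in clear text), shown as an added example that is not part of the original thread. It builds one GRE packet and reads it back the way any capture point on the path would; all addresses, ports and the message are constructed sample values.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0; nothing here validates it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def gre_encapsulate(inner_packet, tunnel_src, tunnel_dst):
    """Basic GRE header (RFC 2784): 16 bits flags/version, 16 bits protocol type."""
    gre = struct.pack("!HH", 0, ETHERTYPE_IPV4) + inner_packet
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(gre)) + gre

def observe(wire_bytes):
    """Return what can be read from one GRE packet without any key."""
    ihl = (wire_bytes[0] & 0x0F) * 4
    if wire_bytes[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, ptype = struct.unpack("!HH", wire_bytes[ihl:ihl + 4])
    if ptype != ETHERTYPE_IPV4:
        raise ValueError("inner payload is not IPv4")
    # Optional 4-byte fields: checksum (C), key (K), sequence number (S)
    optional = 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner = wire_bytes[ihl + 4 + optional:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {
        "outer": (socket.inet_ntoa(wire_bytes[12:16]), socket.inet_ntoa(wire_bytes[16:20])),
        "inner": (socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])),
        "payload": inner[inner_ihl:],   # inner transport header + data, unencrypted
    }

# Constructed sample: a syslog-style UDP datagram between two inside hosts,
# tunnelled between two routers (documentation address ranges).
MESSAGE = b"<34>login failed for admin"
udp = struct.pack("!HHHH", 40000, 514, 8 + len(MESSAGE), 0) + MESSAGE
inner_pkt = ipv4_header("192.168.1.10", "192.168.2.20", 17, len(udp)) + udp
wire = gre_encapsulate(inner_pkt, "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    seen = observe(wire)
    print("outer (router) addresses:", seen["outer"])
    print("inner (host) addresses:  ", seen["inner"])
    print("data after UDP header:   ", seen["payload"][8:])
```

Only four bytes of GRE header sit between the outer IP header and the original packet, so the inside addresses and the data are both recoverable; with IPsec protecting the tunnel, the same capture point would see only the encrypted ESP payload.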

Thanks a lot!!!

If IPSec and GRE are implemented on the C1841, what should I do with the PIX? Please advise. Thank you so much!!!

The architecture that you have described with the 1841 on the outside of the PIX is a good architecture. The 1841 provides routing, tunneling, and protection of the traffic passing through the Internet. The PIX provides various firewall functions which protect the interior of your network. These services may include NAT, stateful inspection of traffic, and implementation of various security policies that your organization may want to implement.

The PIX is a good firewall. The 1841 is a good router. You should let the router route (and tunnel) and let the PIX provide firewall services. Either box is capable of providing both services. In this architecture each box does what it is best at.

HTH


Rick