Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

routing protocols over IPSEC

why can't you run a routing protocol in IPSEC tunnel mode? why do you need GRE to run a routing protocol?

1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: routing protocols over IPSEC

Most of the dynamic routing protocols use multicast addressing or broadcast addressing for the destination address. IPSec processes unicast IP traffic. This is the reason that we have traditionally used GRE which can easily pass multicast and broadcast traffic within the tunnel as the way to run routing protocols over IPSec tunnels. With GRE the multicast routing protocol traffic is encapsulated in a GRE packet which has a unicast source and destination address.

HTH

Rick

3 REPLIES
Hall of Fame Super Silver

Re: routing protocols over IPSEC

Most of the dynamic routing protocols use multicast addressing or broadcast addressing for the destination address. IPSec processes unicast IP traffic. This is the reason that we have traditionally used GRE which can easily pass multicast and broadcast traffic within the tunnel as the way to run routing protocols over IPSec tunnels. With GRE the multicast routing protocol traffic is encapsulated in a GRE packet which has a unicast source and destination address.

HTH

Rick

New Member

Re: routing protocols over IPSEC

thanks for the response, rick.

just had a quick follow up. doesn't ipsec tunnel mode already encapsulate a unicast ip address? i figured we could trigger ipsec with some sort of "permit eigrp" statement in the crypto acl (assuming we're using eigrp). is this feasible?

Hall of Fame Super Silver

Re: routing protocols over IPSEC

Yes ipsec already encapsulates a unicast IP address (this is part of what I said in my previous response). But ipsec does not encapsulate multicast. And EIGRP uses multicast packets.

HTH

Rick

353
Views
0
Helpful
3
Replies
CreatePlease to create content