What mode for GRE/IPSec with hardware encryption, transport or tunnel?
A colleague was at Networkers last Spring and heard in a presentation on VPNs that when using hardware encryption modules, you should use IPSec in Tunnel mode even if using GRE tunnels. The presenting engineer said you get better performance with tunnel mode. Earlier recommendations said that when using GRE/IPSec that transport mode is best. Can anyone clear this up for me please?
Re: What mode for GRE/IPSec with hardware encryption, transport
Running in either Tunnel or Transport mode should make no difference to the hardware encryption module as it's purpose is to process the encryptio/decryption algorithm. So the 2 modes are seperate to what the hardware does (IE. DES, 3DES, etc..) So the deciding factor for running in tunnel/transport is how the IPSec is to be implemented into your network. If it is IPSec between 2 hosts then transport is best but if it is IPSec between 2 gateways that encrypt the traffic of the hosts behind them then tunnel is the best (also most common scenario) Since you are encrypting your GRE tunnels then tunnel mode IPSec is what you should be using.
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...