Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GRE over IPSEC questions

I just have a couple of questions with GRE over IPSEC.

1. When a clear text packet enters the router does it access the crypto map first or the out bound access-list?

2. When configuring GRE over transport IPSEC where does the AH header get placed. Is it in-between the original IP header and data like this stack?

New IP header

GRE Header

Original IP header

AH Header

Encrypted Payload

Or is it placed in between the new ip header and the GRE header like this stack?

New IP header

AH Header

Encrypted Payload

Thanks in advance for any guidance.

Brad

1 REPLY
Bronze

Re: GRE over IPSEC questions

For the first question, when a clear text packet enters the router the crypto map is checked first and then then the outbound access list is checked.

For the second question, this will be the order.

New IP header

AH Header

GRE header

payload.

110
Views
0
Helpful
1
Replies