Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Its has need IPSEC over GRE ?

Hi

I have some branches which connect HO Via ISP.

I configure Tunnel among the HO-branch.

data pass through tunnel now.

now I need VPN between Ho-branch ?. as data pass within tunnel so it is protected. so why I am encrypted data ?.

any possible hacking the data when it pass through tunnel ?.

thanks

Biplob

10 REPLIES

Re: Its has need IPSEC over GRE ?

New Member

Re: Its has need IPSEC over GRE ?

HI

My query is not about encryption.

I want to know if two sites are build up tunneling then any changes data hacking.

As wiithin tunnel data is protected pass then why I am configure IPSec over GRE ?

I think all are understand my confusing matter VPN over tunnel.

thanks

Biplob

Re: Its has need IPSEC over GRE ?

Just because within а tunnel without data encryption your data is UNprotected.

New Member

Re: Its has need IPSEC over GRE ?

Hi

unprotected in which of sence ?. when data pass through tunnel hacker can pick the data ? if unprotected then why i do tunnel ?

then what is necessary of tunnel ?

Re: Its has need IPSEC over GRE ?

Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk, or Multicast

What is why in some cases you'd better do GRE with IPSec than pure IPsec.

Re: Its has need IPSEC over GRE ?

Hi Biplob,

let me give a try :)

GRE (Generic Routing Encapsulation) protocol only a simple IP packet encapsulation protocol. GRE tunnel is generally created when you need a point-2-point virtual link between two remote devices. Suppose there is IP reachability between RouterA and RouterB, but you only have control only on A and D ,not on B and C.

RouterA<<-->>RouterB<<-->>RouterC <<-->>RouterD

Now when GRE tunnel is set up, the packets are only encapsulated with the GRE not encrypted.

RouterA<<========GRE tunnel=======>>RouterD

So IPSEC is used to encrypt the traffic.

Hope this helps.

New Member

Re: Its has need IPSEC over GRE ?

Hi aleks

can you clear me more about this.

1.according your point if my branches and HO running eigrp then I can not do VPN (IPsec) ?

for this reason need GRE with IPsec ?

2. If static route run then if i do only eastablish tunnel then its riskless ?

thanks

biplob

New Member

Re: Its has need IPSEC over GRE ?

Hi

waiting

Re: Its has need IPSEC over GRE ?

Suppouse your branches and HQ are not directly connected.

And you want to run some dynamic routing protocol between branch and HQ.

So you need a tunnel interface.

to use IPSec or not, it depends on your security policy. If you want be sure that you data can not be eavesdrop so you need IPsec to encrypt your tunnel.

New Member

Re: Its has need IPSEC over GRE ?

Hi all

I think its clear to me. so sumary is

Tunnel must uses:

1. when I need run dynamic routing

2. when branch is not direct connect.

IPsec over Tunnel:

1. when I need more security.

thanks again all of who are participate to clear this, I think many one get good assumtion when they use tunnel or Ipsec over gre.

thanks\

biplob

122
Views
4
Helpful
10
Replies