I have some branches which connect to the HO via an ISP.
I configured a tunnel between the HO and the branches.
Data passes through the tunnel now.
Now, do I need a VPN between HO and branch? As data passes within the tunnel, it is protected. So why am I encrypting data?
Is there any possibility of hacking the data when it passes through the tunnel?
My query is not about encryption.
I want to know: if two sites have built up a tunnel, is there any chance of data hacking?
As data passes protected within the tunnel, why would I configure IPSec over GRE?
I think everyone understands my confusion about VPN over tunnel.
Unprotected in which sense? When data passes through the tunnel, can a hacker pick up the data? If it is unprotected, then why do I do a tunnel?
Then what is the necessity of the tunnel?
Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk, or multicast.
That is why in some cases you'd better do GRE with IPsec than pure IPsec.
Let me give it a try :)
GRE (Generic Routing Encapsulation) is only a simple IP packet encapsulation protocol. A GRE tunnel is generally created when you need a point-to-point virtual link between two remote devices. Suppose there is IP reachability between RouterA and RouterB, but you only have control on A and D, not on B and C.
Now when the GRE tunnel is set up, the packets are only encapsulated with GRE, not encrypted.
So IPsec is used to encrypt the traffic.
Hope this helps.
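
To make the point of the answer above concrete (GRE encapsulates, it does not encrypt), here is an added example that is not part of the original post: it builds a GRE packet by hand and then parses it the way any device on the path between the tunnel endpoints could. The addresses, the GRE key and the payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

GRE_PROTO = 47            # IP protocol number assigned to GRE
ETHERTYPE_IPV4 = 0x0800   # GRE "protocol type" for an IPv4 passenger packet


def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left at 0 for this demo)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def gre_encapsulate(inner_packet, tunnel_src, tunnel_dst, key=None):
    """Wrap an IP packet in GRE (RFC 2784, optional key field per RFC 2890)."""
    flags = 0x2000 if key is not None else 0
    gre = struct.pack("!HH", flags, ETHERTYPE_IPV4)
    if key is not None:
        gre += struct.pack("!I", key)   # the key is an identifier, not a secret
    body = gre + inner_packet
    return ipv4_header(tunnel_src, tunnel_dst, GRE_PROTO, len(body)) + body


def observe_on_path(wire_bytes):
    """What a device between the tunnel endpoints can read, with no keys."""
    ihl = (wire_bytes[0] & 0x0F) * 4
    if wire_bytes[9] != GRE_PROTO:
        raise ValueError("not a GRE packet")
    flags, _proto = struct.unpack("!HH", wire_bytes[ihl:ihl + 4])
    offset = ihl + 4
    # Optional checksum (C), key (K) and sequence (S) fields are 4 bytes each.
    for bit in (0x8000, 0x2000, 0x1000):
        if flags & bit:
            offset += 4
    inner = wire_bytes[offset:]
    inner_ihl = (inner[0] & 0x0F) * 4
    return {"inner_src": socket.inet_ntoa(inner[12:16]),
            "inner_dst": socket.inet_ntoa(inner[16:20]),
            "payload": inner[inner_ihl:]}


# Constructed sample: a branch host sends application data to an HO server.
SECRET = b"payroll export: acct=1234 amount=5000"
inner_pkt = ipv4_header("10.1.1.10", "10.0.0.5", 253, len(SECRET)) + SECRET
on_wire = gre_encapsulate(inner_pkt, "198.51.100.1", "203.0.113.1", key=42)

if __name__ == "__main__":
    seen = observe_on_path(on_wire)
    print(seen["inner_src"], "->", seen["inner_dst"], seen["payload"])
```

The private inner addresses and the application data are recovered byte for byte from the encapsulated packet, which is why IPsec is applied to the GRE traffic when confidentiality is required.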
Can you clarify this for me some more?
1. According to your point, if my branches and HO are running EIGRP then I cannot do VPN (IPsec)?
For this reason I need GRE with IPsec?
2. If static routes run and I only establish a tunnel, then is it riskless?
Suppose your branches and HQ are not directly connected.
And you want to run some dynamic routing protocol between branch and HQ.
So you need a tunnel interface.
Whether to use IPsec or not depends on your security policy. If you want to be sure that your data cannot be eavesdropped on, you need IPsec to encrypt your tunnel.
I think it's clear to me. So the summary is:
Tunnel must be used:
1. when I need to run dynamic routing
2. when the branch is not directly connected.
IPsec over Tunnel:
1. when I need more security.
Thanks again to all who participated to clear this up. I think many will get a good assumption about when they use a tunnel or IPsec over GRE.