cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
716
Views
4
Helpful
10
Replies

Its has need IPSEC over GRE ?

biplobkhan
Level 1
Level 1

Hi

I have some branches which connect HO Via ISP.

I configure Tunnel among the HO-branch.

data pass through tunnel now.

now I need VPN between Ho-branch ?. as data pass within tunnel so it is protected. so why I am encrypted data ?.

any possible hacking the data when it pass through tunnel ?.

thanks

Biplob

10 Replies 10

a.alekseev
Level 7
Level 7

HI

My query is not about encryption.

I want to know if two sites are build up tunneling then any changes data hacking.

As wiithin tunnel data is protected pass then why I am configure IPSec over GRE ?

I think all are understand my confusing matter VPN over tunnel.

thanks

Biplob

Just because within а tunnel without data encryption your data is UNprotected.

Hi

unprotected in which of sence ?. when data pass through tunnel hacker can pick the data ? if unprotected then why i do tunnel ?

then what is necessary of tunnel ?

Normal IP Security (IPSec) configurations cannot transfer routing protocols, such as Enhanced Interior Gateway Routing Protocol (EIGRP) and Open Shortest Path First (OSPF), or non-IP traffic, such as Internetwork Packet Exchange (IPX) and AppleTalk, or Multicast

What is why in some cases you'd better do GRE with IPSec than pure IPsec.

Hi Biplob,

let me give a try :)

GRE (Generic Routing Encapsulation) protocol only a simple IP packet encapsulation protocol. GRE tunnel is generally created when you need a point-2-point virtual link between two remote devices. Suppose there is IP reachability between RouterA and RouterB, but you only have control only on A and D ,not on B and C.

RouterA<<-->>RouterB<<-->>RouterC <<-->>RouterD

Now when GRE tunnel is set up, the packets are only encapsulated with the GRE not encrypted.

RouterA<<========GRE tunnel=======>>RouterD

So IPSEC is used to encrypt the traffic.

Hope this helps.

Hi aleks

can you clear me more about this.

1.according your point if my branches and HO running eigrp then I can not do VPN (IPsec) ?

for this reason need GRE with IPsec ?

2. If static route run then if i do only eastablish tunnel then its riskless ?

thanks

biplob

Hi

waiting

Suppouse your branches and HQ are not directly connected.

And you want to run some dynamic routing protocol between branch and HQ.

So you need a tunnel interface.

to use IPSec or not, it depends on your security policy. If you want be sure that you data can not be eavesdrop so you need IPsec to encrypt your tunnel.

Hi all

I think its clear to me. so sumary is

Tunnel must uses:

1. when I need run dynamic routing

2. when branch is not direct connect.

IPsec over Tunnel:

1. when I need more security.

thanks again all of who are participate to clear this, I think many one get good assumtion when they use tunnel or Ipsec over gre.

thanks\

biplob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: