Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

vpn

Dear all

I have a confusion, In theory, GRE tunnel is for Dynamic routing protocols over IPsec, In my practice,

I implemented an IPsec tunnel without GRE,then used OSPF as a routing protocol, and they are also exchanging their routing

information, In this case, I think there is no any reason to use GRE , Please you are requested to explain in detail about GRE. Any

Response will be appreciated.

Thank you

1 REPLY
Cisco Employee

Re: vpn

IPSec tunnel natively does not support multicast traffic, and dynamic routing protocols by default is running on multicast.


You would need to check whether the routing updates are exchanged via multicast, or it has neighbour statement that changed it to unicast hence it works through IPSec tunnel. If you would like to use the native multicast dynamic routing protocols through ipsec tunnel, you would need to encapsulate those multicast traffic in GRE first prior to it being encrypted with IPSec.

Another possibility apart from it being unicast traffic is possible the routing updates are exchanged NOT through the IPSec tunnel, but through your backdoor (possible MPLS cloud) internally.

Hope that answers your question.

132
Views
3
Helpful
1
Replies