GRE + IPSec

minumathur
Level 1

Hi.

I have a question:

1) Does IPSec support multicast capability?

2) Why do we configure an IPsec tunnel in a GRE tunnel?

I have read a Cisco document; as per the doc, IPSec does not support IP multicast, but when we use a NetScreen firewall (end to end) IPsec tunnel on the Internet, this will do routing on the Internet. How are these two things different?

I hope you understand my query.

-Minu


Wilson Samuel
Level 7

Hi Minu,

Ans 1. IPSec, in IPSec Direct Encapsulation, doesn't support it.

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns130/c649/ccmigration_09186a0080685ce8.pdf

Ans 2. In order to get multicast enabled across the VPN, we can use the Peer to Peer IPSec in GRE.

Please visit for more info:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns656/c649/cdccont_0900aecd80402f07.pdf

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns130/c649/ccmigration_09186a0080685ce8.pdf

However, your 3rd question I couldn't understand very well; could you please elaborate?

Please feel free to revert back with any queries you might have.

Kind Regards,

Wilson Samuel

PS: Please rate if it helps.

Minu

If we are talking pure IPSec as per the standards then IPSec is for unicast IP traffic and does not support multicast.

The most common of the Interior Routing Protocols (especially OSPF and EIGRP) require multicast for their routing packets. So traditional IPSec did not support Interior routing protocols. The solution was to combine IPSec (which does not support multicast) with GRE, which does support multicast, to be able to route with OSPF or EIGRP over IPSec tunnels.

In recent releases Cisco has given an enhancement called Virtual Tunnel Interface and with VTI you run IPSec, do not run GRE, and it is able to support OSPF and EIGRP routing.

I am not clear what the Netscreen is doing. It would be logical that they might be translating all the local addresses to send them over the Internet. And if they were translating all the addresses then they could establish connectivity over an IPSec tunnel which would provide connectivity to the networks on both ends and still not be running a routing protocol through the IPSec tunnel. If that is not what is happening then perhaps someone who has more experience with this vendor can clarify what is being done here.

HTH

Rick
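
The GRE-plus-IPsec combination described in the replies above, as an added Cisco IOS configuration sketch for one router (not part of the original thread or of the linked Cisco documents). All addresses, the pre-shared key, the OSPF process and the names TS-GRE and PROF-GRE are constructed placeholders.

```cisco
! Constructed example: one side of a GRE tunnel protected by IPsec.
! Multicast OSPF hellos are wrapped in unicast GRE, and IPsec then
! encrypts the GRE packets between the two public endpoints.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
! Placeholder key and peer address; replace both.
crypto isakmp key EXAMPLE-PSK-REPLACE-ME address 198.51.100.2
!
! Transport mode is enough here: GRE already supplies the outer IP header.
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
crypto ipsec profile PROF-GRE
 set transform-set TS-GRE
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source 203.0.113.1
 tunnel destination 198.51.100.2
 tunnel mode gre ip
 ! Every packet leaving the tunnel is encrypted by the profile above.
 tunnel protection ipsec profile PROF-GRE
!
! OSPF forms its adjacency over Tunnel0, not over the Internet-facing link.
router ospf 1
 network 10.255.0.0 0.0.0.3 area 0
 network 192.168.1.0 0.0.0.255 area 0
!
! VTI variant mentioned in the thread: on Tunnel0 use
!  tunnel mode ipsec ipv4
! in place of "tunnel mode gre ip", with a tunnel-mode transform-set.
```

On a working tunnel, `show crypto ipsec sa` should show encapsulated and decapsulated packet counters increasing, and `show ip ospf neighbor` should list the peer on Tunnel0.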
