The difference, in my case, is that the second VPN peer is a Cisco 861 IOS based router. Can IOS do OSPF over the site-to-site VPN, or is a GRE tunnel needed? Where can I find reference material to help me set this up?
You can use static VTIs with or with out GRE. The difference is with the way router builds the IPSEC SA proxies. If you use the default gre mode, the traffic hitting the tunnel interface is GRE encapsulated using tunnel source and destination ips and then the IPSEC SAs is built using same source and destination ips. This means that tunnel source and destination IPs must be reachable. This is pretty much the only downside I can think of. In a traditional GRE over IPSEC set up you don't have this requirement (you use IPSEC to provide tunnel end point reach ability).
So, if you want encrypt multicast with out GRE encapulation you can use VTI in tunnel mode (tunnel mode ipsec ipv4). In this case the router builds IPSEC SAs for all source and destination (0.0.0.0/0.0.0.0) using tunnel source and destination ip.
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...