09-27-2005 10:45 PM - edited 03-09-2019 12:32 PM
PIX501->C1841->Network Cloud->C1841->PIX501
Both Cisco 1841s run GRE. So is the link secure if GRE is running on both C1841s instead of running on the PIX501s? Please advise or correct me. Thank you very much; any help is deeply appreciated.
09-28-2005 06:23 AM
GRE doesn't provide encryption at all. That means anyone along the path between two sites can sniff sensitive/confidential information.
If security is a concern, perhaps you may set up an IPsec VPN between PIX501s. This solution works only if both PIX501s have a public IP.
09-28-2005 11:10 AM
Jack is correct that GRE does not provide much security. What you transmit is slightly obscured because the source and destination addresses are the router addresses, not your address or the real destination. But the content of the message is clear text, which can be sniffed, etc.
If you are concerned about securing the communication through the Internet then you should consider something like IPSec. It is possible to run IPSec between the two PIX or between the two 1841s. I would probably suggest running it between the 1841s. It is easy to combine GRE with IPSec tunnels. I have implemented this a number of times and it works quite well.
HTH
Rick
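To make the point in the two replies above concrete, here is an added example (not part of the original thread) that builds one GRE-encapsulated packet and then parses it the way any capture tool on the path would. The addresses, ports and payload are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

GRE = 47  # IP protocol number for GRE

def ipv4(src, dst, proto, payload):
    """Prepend a minimal 20-byte IPv4 header (checksum left at 0 for this demo)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def gre_encapsulate(inner, tunnel_src, tunnel_dst):
    """Wrap an IPv4 packet in a basic GRE header (RFC 2784: no options, no encryption)."""
    return ipv4(tunnel_src, tunnel_dst, GRE, struct.pack("!HH", 0, 0x0800) + inner)

def parse_ipv4(pkt):
    """Return (src, dst, protocol, payload) of an IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total = struct.unpack("!H", pkt[2:4])[0]
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), pkt[9], pkt[ihl:total]

def observe(wire):
    """What a passive observer on the path recovers from one GRE packet."""
    outer_src, outer_dst, proto, gre = parse_ipv4(wire)
    if proto != GRE:
        raise ValueError("not a GRE packet")
    flags, ethertype = struct.unpack("!HH", gre[:4])
    if ethertype != 0x0800:
        raise ValueError("inner protocol is not IPv4")
    # Checksum (0x8000), key (0x2000) and sequence (0x1000) each add 4 bytes.
    offset = 4 + 4 * sum(bool(flags & bit) for bit in (0x8000, 0x2000, 0x1000))
    inner_src, inner_dst, inner_proto, l4 = parse_ipv4(gre[offset:])
    data = l4[8:] if inner_proto == 17 else l4  # skip the 8-byte UDP header
    return {"outer": (outer_src, outer_dst), "inner": (inner_src, inner_dst), "data": data}

def sample_packet():
    """Constructed traffic: a LAN host sends a UDP datagram through the tunnel."""
    msg = b"confidential: constructed sample payload"
    udp = struct.pack("!HHHH", 40000, 514, 8 + len(msg), 0) + msg
    inner = ipv4("192.168.1.10", "192.168.2.20", 17, udp)
    return gre_encapsulate(inner, "203.0.113.1", "198.51.100.1")

if __name__ == "__main__":
    for field, value in observe(sample_packet()).items():
        print(field, value)
```

Only the outer header carries the router addresses; the inner addresses and the payload come back unchanged, which is the gap that adding IPSec to the tunnel closes.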
09-28-2005 04:26 PM
Thanks a lot!!!
If IPSec and GRE are implemented on the C1841, what should I do with the PIX? Please advise. Thank you so much!!!
09-29-2005 05:01 AM
The architecture that you have described with the 1841 on the outside of the PIX is a good architecture. The 1841 provides routing, tunneling, and protection of the traffic passing through the Internet. The PIX provides various firewall functions which protect the interior of your network. These services may include NAT, stateful inspection of traffic, and implementation of various security policies that your organization may want to implement.
The PIX is a good firewall. The 1841 is a good router. You should let the router route (and tunnel) and let the PIX provide firewall services. Either box is capable of providing both services. In this architecture each box does what it is best at.
HTH
Rick