I just upgraded several of my small sites that I do GRE tunnels to from a host router. When I am configuring these GRE tunnels the statement only GDOI crypto map is supported on tunnel interface. Should I be switching all of my GRE tunnels to GDOI, what is this type of configuration used for?
You should not configure a crypto map on the Tunnel interface. If you want to use IPsec-protected GRE tunnels, you should either configure the crypto map on the non-Tunnel interface towards the ISP, or create a crypto profile and use it on the Tunnel interface using the tunnel protection ipsec command. Once again, however, do not configure any crypto map on the Tunnel interface directly.
The GDOI is a relatively new concept of deploying IPsec VPNs over a MPLS or similar VPN where the basic VPN connectivity and isolation is already provided by the service provider and you want to use additional confidentiality, authentication and integrity protection over this existing VPN. Without going into too much detail, I believe that you do not need GDOI right now - you'd know about it otherwise
Cisco SD-WAN Cloud OnRamp allows you to simplify and secure connectivity to cloud applications and public clouds. Interested in testing out the latest Cisco Cloud OnRamp solutions?
Sign up to try out various use cases with the Cisco SD-WAN Cloud ...
Please use the new link http://cs.co/CoR-Trial for Demo and updated guides.
Cisco SD-WAN Cloud OnRamp allows you to simplify and secure connectivity to cloud applications and public clouds. Interested in testing out the latest ...
“Catalyst 8500 Series - Deep Dive”
This event will have place on Tuesday 17th, November 2020 at 10hrs PDT
The Catalyst 8500 Series Edge Platforms are built with the highly programmable, third-generation Cisco Quantum Flow Processor and designed for ...
“Catalyst 8000 Edge Platforms Family Overview”
This event will have place on Wednesday 4th, November 2020 at 10hrs PDT
Designed for an intent-based networks, the Cisco Catalyst 8000 Edge Platforms family offers best-in-class networking and security ...
I'm currently redistributing OSPF to BGP and setting a local pref on the routes. Currently this works fine and having no issues. ip prefix-list ospf-routes seq 10 permit 172.16.100.0/24
route-map ospf-bgp permit 10
match ip address prefix-list ...