GDOI and when to use it

TRACY HARTMANN
Level 1

I just upgraded several of my small sites that I do GRE tunnels to from a host router. When I am configuring these GRE tunnels, I get the statement "only GDOI crypto map is supported on tunnel interface". Should I be switching all of my GRE tunnels to GDOI? What is this type of configuration used for?

1 Reply

Peter Paluch
Cisco Employee

Hi Tracy,

You should not configure a crypto map on the Tunnel interface. If you want to use IPsec-protected GRE tunnels, you should either configure the crypto map on the non-Tunnel interface towards the ISP, or create a crypto profile and use it on the Tunnel interface using the tunnel protection ipsec command. Once again, however, do not configure any crypto map on the Tunnel interface directly.

The GDOI is a relatively new concept of deploying IPsec VPNs over an MPLS or similar VPN where the basic VPN connectivity and isolation is already provided by the service provider and you want to use additional confidentiality, authentication and integrity protection over this existing VPN. Without going into too much detail, I believe that you do not need GDOI right now - you'd know about it otherwise.

Best regards,

Peter
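
The two placements named in the reply above, as an added example that is not part of the original thread or Cisco's own configuration. The interface names, the names TS-GRE, PROF-GRE, CM-GRE and ACL-GRE, the RFC 5737 documentation addresses and the key placeholder are assumptions; only one of the two options is applied on a given router.

```cisco
! Constructed example. Local WAN address 198.51.100.2, remote GRE peer 203.0.113.1.
! IKE phase 1 policy and the transform set are shared by both options.
crypto isakmp policy 10
 encryption aes 256
 hash sha256
 authentication pre-share
 group 14
crypto isakmp key <PRE-SHARED-KEY> address 203.0.113.1
!
crypto ipsec transform-set TS-GRE esp-aes 256 esp-sha256-hmac
 mode transport
!
! Option 1: IPsec profile bound to the tunnel with "tunnel protection".
crypto ipsec profile PROF-GRE
 set transform-set TS-GRE
!
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
 tunnel protection ipsec profile PROF-GRE
!
! Option 2 (instead of option 1): crypto map on the ISP-facing interface,
! selecting only the GRE packets between the two tunnel endpoints.
ip access-list extended ACL-GRE
 permit gre host 198.51.100.2 host 203.0.113.1
!
crypto map CM-GRE 10 ipsec-isakmp
 set peer 203.0.113.1
 set transform-set TS-GRE
 match address ACL-GRE
!
interface GigabitEthernet0/0
 ip address 198.51.100.2 255.255.255.0
 crypto map CM-GRE
!
! In option 2 the tunnel carries neither "crypto map" nor "tunnel protection".
interface Tunnel0
 ip address 10.255.0.2 255.255.255.252
 tunnel source GigabitEthernet0/0
 tunnel destination 203.0.113.1
```

With either option in place, show crypto ipsec sa on both routers should list a security association between the two GRE endpoints, with encapsulation and decapsulation counters rising as traffic crosses the tunnel.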
