VPN

peteryouhannafawzy · ‎05-05-2016

If im using ADSL , i wan to make VPN between two sites , i must to use IPSEC over GRE ?

Mark Malone · ‎05-05-2016

Its not a requirement but GRE offers support for Multicast and routing protocols over the vpn but its not advised to use GRE on its own as theres no encryption and everything is clear text so that's why its good to use IPSEC with GRE but you can use IPSEC without GRE

peteryouhannafawzy · ‎05-05-2016

But if i use IPSEC only without GRE , how can i reach the others sites without routing protocols ?

Ben Gartland · ‎05-05-2016

Generally it is based on a static route and an ACL to define the traffic to encapsulate/encrypt to each remote site.

If you want to do something smarter, like run dynamic routing protocol, then GRE over IPsec is required. The other option is DMVPN (this is still GRE over IPsec) but with extra features for dynamic site to site (rather than hub & spoke or fully meshed).

Ben

Joseph W. Doherty · ‎05-06-2016

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages wha2tsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

No, often you don't. As Mark mentions, you might run GRE alone, but as he also mentioned, your data is sent in the clear.

Later IOS versions also support VDI tunnels, which uses IPSec, but without GRE (and its overhead). (NB: you can run routing across VDI tunnels.)