07-10-2012 11:15 PM - edited 03-07-2019 07:42 AM
Hi all.
Dont know but i am confusing a lot in understanding the difference between the above two. By "over" what we mean ? which header comes first ?
When i apply crypto map on physical interface with original IPs (of both ends) in crypto acl, is it GRE over IPSec or other way around ?
Kindly help me out
07-11-2012 12:16 AM
Hello Jonn,
GRE over IPSEC means IPSEC/GRE/IP and is the more common option as GRE is used to build a logical point to point link and IPSEC is used to protect the communication.
IPSEC over GRE should mean GRE/IPSEC/IP but to be noted some people also in the forums use this expression to address the IPSEC/GRE/IP encapsulation and this causes confusion,
When you apply the crypto map over the physical interface the encapsulation is GRE over IPSEC if:
-you have defined on both endpoints a p2p GRE tunnel and you use it to route between remote LAN IP subnets (internal networks that have to be routed within the VPN)
- the crypto ACL lists the GRE traffic as the only interesting traffic to be encrypted
example:
permit gre host
if the there is no GRE Tunnel configured and the crypto ACL specifies some specific IP flow you are dealing with IPSEC/IP just IPSEC.
Hope to help
Giuseppe
02-25-2013 12:08 AM
Hi Giuseppe,
Good explaination on the difference.
May i know if you can further shed some light on under which senario, which method is preferred?
In performance or security wise, which one is a better choice?
Thanks
br,
Zhong
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide