Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1761
Views
0
Helpful
2
Replies

what is the limitation of running IPsec alone without GRE ??

mohammed hashim
Level 1
Level 1

‎06-12-2016 10:53 AM - edited ‎03-08-2019 06:10 AM

hi,

if we have multiple branches, and we want to establish IPsec to all of them, then what are the limitation by running IPsec without GRE?

I tried to read some posts on this but did not get the idea.

the thing is that when you run IPsec ESP in tunnel mode, there are two IPs (Inner and Outer), so why we don't use the inner IP for the routing?

Labels:
0 Helpful
2 Replies 2

Karsten Iwen
VIP
VIP

‎06-12-2016 11:32 AM

One limitation is, that in many implementations you can't tunnel IPv4 and IPv6 over the same VPN.

What is not a limitation is that you can use routing protocols with or without GRE if you use VTIs (virtual tunnel interfaces).

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Karsten Iwen

‎06-12-2016 01:56 PM

To add a bit to the explanation that Karsten provides - IPsec was designed to support unicast packets. If you run IPsec without GRE (or some other tunneling protocol like VTI) then there is no support for forwarding multicast traffic. And with no support for multicast traffic then our interior routing protocols can not run over IPsec without GRE.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card