06-07-2025 02:46 AM
Similar setup as a recent project. New customer; I suspect financial companies are trying to button up and make sure everything is encrypted these days. Here's the setup, this time it's all static routes.
HQ router connects on a leased line to a remote office, a /30 network.
That remote office R2 connects to a third office R3 through a commercial ISP. The link from R2 to the ISP is a /29, only 2 addresses in use. Likewise on the R3 connection to the ISP.
There's a GRE tunnel from R3 to R2. Currently R3 traffic routes over the tunnel to get to R1.
So now all the traffic from R3 to R1 needs to be encrypted.
What’s the best approach?
1. IPsec on the existing tunnel, then add another IPsec-over-GRE tunnel from R2 to HQ?
2. New GRE tunnel from R3 to HQ with IPsec over the top of the existing GRE?
3. Something else?
There are a few of these, 5 in total; the connections look like a hand on paper lol
06-07-2025 03:07 AM - edited 06-07-2025 03:32 AM
@ColForbin wrote:
So now all the traffic from R3 to R1 needs to be encrypted.
What’s the best approach?
@ColForbin use FlexVPN static VTI between R1 and R3; this is natively encrypted, and you can use GRE over IPsec.
https://www.cisco.com/c/en/us/support/docs/security/flexvpn/115782-flexvpn-site-to-site-00.html
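To make the FlexVPN static VTI suggestion concrete, here is an added IOS-XE configuration example for the R1 side (not from the original post or the linked Cisco document). Addresses, key strings and object names are constructed placeholders from the RFC 5737 documentation ranges; the assumption is that R1's tunnel source address and R3's tunnel destination address are mutually routable across the untrusted path, which in the topology above means R1 would need an address that R3 can reach through the ISP. R3 mirrors this configuration with the local/remote addresses swapped.

```text
! --- IKEv2 (FlexVPN) control plane: AES-GCM for ESP, so PRF must be set explicitly ---
crypto ikev2 proposal IKEV2-PROP
 encryption aes-gcm-256
 prf sha512
 group 19
!
crypto ikev2 policy IKEV2-POL
 proposal IKEV2-PROP
!
! Pre-shared key for the R3 peer (constructed placeholder values; use certificates
! or a long random PSK in production)
crypto ikev2 keyring KR-R3
 peer R3
  address 203.0.113.10
  pre-shared-key local  R1toR3-CHANGE-ME
  pre-shared-key remote R3toR1-CHANGE-ME
!
crypto ikev2 profile IKEV2-PROF-R3
 match identity remote address 203.0.113.10 255.255.255.255
 identity local address 198.51.100.2
 authentication remote pre-share
 authentication local pre-share
 keyring local KR-R3
!
! --- IPsec data plane: authenticated encryption, tunnel mode ---
crypto ipsec transform-set TS-GCM esp-gcm 256
 mode tunnel
!
crypto ipsec profile IPSEC-PROF-R3
 set transform-set TS-GCM
 set ikev2-profile IKEV2-PROF-R3
!
! --- Static VTI toward R3: everything routed into Tunnel0 is encrypted ---
interface Tunnel0
 description FlexVPN sVTI to R3
 ip address 10.255.13.1 255.255.255.252
 ip mtu 1400
 ip tcp adjust-mss 1360
 tunnel source 198.51.100.2
 tunnel destination 203.0.113.10
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-PROF-R3
!
! Static routing, as in the original design: R3's LAN (assumed 10.3.0.0/24) via the tunnel
ip route 10.3.0.0 255.255.255.0 Tunnel0
!
! Verification after both sides are configured:
!   show crypto ikev2 sa          -> one IKEv2 SA, state READY, with R3's address
!   show crypto ipsec sa          -> encaps/decaps counters increasing on Tunnel0
!   show interfaces Tunnel0       -> line protocol up (it goes down if the SA is missing)
```

Two caveats worth checking before choosing this over the options in the question. First, `tunnel mode ipsec ipv4` is a pure IPsec VTI and carries unicast IPv4 only; if multicast or a routing protocol will ever run between sites, leave the interface in its default `tunnel mode gre ip` and keep the same `tunnel protection` line, which is the "GRE over IPsec" form the reply mentions. Second, once Tunnel0 carries the R3-to-R1 traffic, the old unencrypted GRE tunnel from R3 to R2 should either be protected the same way or removed, otherwise a static route left behind can silently send cleartext down the old path.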
06-07-2025 04:10 AM - edited 06-07-2025 04:10 AM
Hello @ColForbin
Do you use multicast traffic between sites?
Multicast for routing protocols and/or apps like video, audio streaming, or financial market data feeds?