Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
568
Views
0
Helpful
2
Replies

IPSEC and routing protocols

farancci
Level 1
Level 1

‎03-18-2005 01:05 PM - edited ‎02-21-2020 01:40 PM

Using IPSEC Why do we need to use GRE or transport mode for routing protocols.

Labels:
0 Helpful
2 Replies 2

d-garnett
Level 3
Level 3

‎03-18-2005 01:19 PM

Because most IGP Routing Protocols (i.e., eigrp, ospf) use Multicast for propagation (between neighboring routers) to build their IP Ruoting tables.

IPSec can forward multicast IP data, but GRE can.

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni

‎03-18-2005 02:58 PM

With IPSec you establish a policy that says encrpyt a packet when it goes from this adreess to that address, and send the packet to this remote IP address.

So things like broadcast and mulicast dont work, which many routing protcols need.

Additionally because the encrytion address range is statically declared the network doesn't respond well to changes in its topology (usually cauused by device or link failure).

GRE over IPSec looks like a simple point to point link. Routing protocls can use it, and can route around failures.

Generally I use IPSec for small networks, and GRE over IPSec for medium to large networks.

0 Helpful
Customers Also Viewed These Support Documents