[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: IPSec over GRE why ?
Well, a better question back at you. If you're using IPsec, why do
you need a GRE tunnel? What's wrong with just using the IPsec tunnel?
Tunneling IPsec within GRE would still leave you open to attack,
because you'd have to block all non-IPsec traffic anyways (to make
sure someone couldn't insert traffic into your VPN). So what purpose
is the GRE serving at that point?
Tunneling GRE within IPsec would work, but I would only suggest it if
you are trying to tunnel non-IP packets. If you're just trying to
tunnel IP packets, then just use IPsec's tunnel-mode and be done with
it.
-derek
"Shelton, Raymond A." <SheltonR@health.missouri.edu> writes:
> I wasn't that person, but let's pretend I play him on T.V. for a moment...
> imagine that I have a GRE tunnel to a remote clinic; further suppose I need the traffic to be IPSec b/c of HIPPA regs. Should I have more accurately asked for IPSec in GRE, as opposed to GRE w/in IPSec?
>
> ras
>
>
>
> -----Original Message-----
> From: Derek Atkins [mailto:derek@ihtfp.com]
> Sent: Tuesday, February 25, 2003 11:24 AM
> To: ssakhuja@cisco.com
> Cc: ipsec@lists.tislabs.com
> Subject: Re: IPSec over GRE why ?
>
>
> Why don't you ask the person who told you to use GRE?
>
> -derek
>
> "Sandeep Sakhuja" <ssakhuja@cisco.com> writes:
>
> > Hi
> >
> > I am Sandeep. I am working on implementing IPSec lab. When implementing IPSec
> > across different routing domains we need to use GRE or IIPTran. My Question is
> > why do I have to use the same. IPSec does not support multicast packets that is
> > known, but then my interesting traffic which I need to be protected is not the
> > routing updates, so why do I have to use GRE ?
> >
> > Thanks
> > - Sandeep
> >
>
> --
> Derek Atkins
> Computer and Internet Security Consultant
> derek@ihtfp.com www.ihtfp.com
--
Derek Atkins
Computer and Internet Security Consultant
derek@ihtfp.com www.ihtfp.com