Re: IPSec over GRE why ?

[Derek Atkins <derek@ihtfp.com>]

Lars,

Lars Eggert <larse@ISI.EDU> writes:

> On 2/25/2003 1:01 PM, Derek Atkins wrote:
> > Tunneling GRE within IPsec would work, but I would only suggest it if
> > you are trying to tunnel non-IP packets.  If you're just trying to
> > tunnel IP packets, then just use IPsec's tunnel-mode and be done with
> > it.
> 
> Not if existing dynamic routing protocols are required inside the
> virtual topology. See draft-touch-ipsec. (Details in my earlier reply.)

The requirement to run dynamic routing protocols was NOT the question
asked.  Please re-read Shelton's question before commenting on my
answer.  Quoting my answer out of context and applying alternate
requirements is both rude and unhelpful.

In particular, he asked:

> imagine that I have a GRE tunnel to a remote clinic; further suppose I
> need the traffic to be IPSec b/c of HIPPA regs.  Should I have more
> accurately asked for IPSec in GRE, as opposed to GRE w/in IPSec?

I see nothing in here about dynamic routing protocols.  Do you?

> Lars

-derek

PS: I see no earlier reply in this thread.  What is the subject and
messageID of your earlier reply?

-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek@ihtfp.com             www.ihtfp.com