[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: IPSec over GRE why ?
RE: IPSec over GRE why ?
Presumably because it's the way Cisco treats Ipsec = which is as an encapsulation. This means you cannot run your routing = protocols over it directly. Cisco requires GRE for that, which though = good in certain cases, is mostly an overhead. Many other vendors treat = Ipsec as an interface, modelling it as a logical construct, enabling = running routing protocols directly over the Ipsec = interfaces.
Rgds
Shashi Kiran
-----Original Message-----
From: Shelton, Raymond A. [<3d.htm>mailto:SheltonR@health.miss= ouri.edu]
Sent: Tuesday, February 25, 2003 11:43 AM
To: Derek Atkins; ssakhuja@cisco.com
Cc: ipsec@lists.tislabs.com
Subject: RE: IPSec over GRE why ?
I wasn't that person, but let's pretend I play him on = T.V. for a moment...
imagine that I have a GRE tunnel to a remote clinic; = further suppose I need the traffic to be IPSec b/c of HIPPA regs. = Should I have more accurately asked for IPSec in GRE, as opposed to GRE = w/in IPSec?
ras
-----Original Message-----
From: Derek Atkins [<3d.htm>mailto:derek@ihtfp.com]
Sent: Tuesday, February 25, 2003 11:24 AM
To: ssakhuja@cisco.com
Cc: ipsec@lists.tislabs.com
Subject: Re: IPSec over GRE why ?
Why don't you ask the person who told you to use = GRE?
-derek
"Sandeep Sakhuja" = writes:
> Hi
>
> I am Sandeep. I am working on implementing = IPSec lab. When implementing IPSec
> across different routing domains we need to use = GRE or IIPTran. My Question is
> why do I have to use the same. IPSec does not = support multicast packets that is
> known, but then my interesting traffic which I = need to be protected is not the
> routing updates, so why do I have to use GRE = ?
>
> Thanks
> - Sandeep
>
--
Derek = Atkins
Computer and = Internet Security Consultant
= derek@ihtfp.com www.ihtfp.com