[c-nsp] GRE vs IPIP

Rodney Dunn rodunn at cisco.com
Mon Mar 10 08:09:00 EDT 2008 

And another data point...GRE is more commonly used and it
what I see tested the most internally so I would try to stick
with that.

It gets more field exposure.

Rodney

On Sat, Mar 08, 2008 at 05:28:40PM -0600, neal rauhauser wrote:
>    Felix,
> 
>       The IP in IP encapsulation slips right through any provider, while GRE
> is protocol 47 and may be filtered (just like PPTP). I use both with
> primarily EIGRP as the IGP in the tunnel and they both work fine. Do look
> into the tunnel protection mode stuff - much easier than traditional crypto
> maps for protecting traffic. Here are some hints on what to do ...
> 
> crypto isakmp policy 1
>  encr 3des
>  hash md5
>  authentication pre-share
>  group 2
> 
> crypto ipsec transform-set REMOTES ah-md5-hmac esp-3des
> 
> crypto ipsec profile VPN-REMOTES
>  set transform-set REMOTES
> 
> interface Tunnel50
>  tunnel mode ipsec ipv4
>  tunnel protection ipsec profile VPN-REMOTES
> 
> 
> 
> On Sat, Mar 8, 2008 at 11:59 AM, Felix Bako <fbako at africaonline.co.ke>
> wrote:
> 
> > Hello,
> > I would Like to do a secure site to site VPN.
> > Whats it the advantage of using either GRE over IPSEC or IPIP over IPSEC.
> > Since I will need to run an IGP between the Two sites
> >
> > Cheers
> > --
> >
> > Best Regards,
> >
> > Felix Bako
> > Network Engineer
> > Africa Online, Kenya
> > Tel: +254 (20) 27 92 000
> > Fax: +254 (20) 27 100 10
> > Email: fbako at africaonline.co.ke
> > Aim:felixbako
> >
> >
> >
> >
> > * Africa Online Disclaimer and Confidentiality Note *
> >
> >
> > This e-mail, its attachments and any rights attaching hereto are, unless
> > the context clearly indicates otherwise, the property of Africa Online
> > Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is
> > confidential and intended for the addressee only. Should you not be the
> > addressee and have received this e-mail by mistake, kindly notify the
> > sender, delete this e-mail immediately and do not disclose or use the
> > same in any manner whatsoever. Views and opinions expressed in this
> > e-mail are those of the sender unless clearly stated as those of the
> > Group. The Group accepts no liability whatsoever for any loss or
> > damages, however incurred, resulting from the use of this e-mail or its
> > attachments. The Group does not warrant the integrity of this e-mail,
> > nor that it is free of errors, viruses, interception or interference.
> > For more information about Africa Online, please visit our website at
> > http://www.africaonline.com
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> 
> 
> -- 
> mailto:Neal at layer3arts.com //
> GoogleTalk: nrauhauser at gmail.com
> IM: nealrauhauser
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list