[c-nsp] GRE vs IPIP

neal rauhauser nrauhauser at gmail.com
Sat Mar 8 18:28:40 EST 2008 

   Felix,

      The IP in IP encapsulation slips right through any provider, while GRE
is protocol 47 and may be filtered (just like PPTP). I use both with
primarily EIGRP as the IGP in the tunnel and they both work fine. Do look
into the tunnel protection mode stuff - much easier than traditional crypto
maps for protecting traffic. Here are some hints on what to do ...

crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2

crypto ipsec transform-set REMOTES ah-md5-hmac esp-3des

crypto ipsec profile VPN-REMOTES
 set transform-set REMOTES

interface Tunnel50
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile VPN-REMOTES



On Sat, Mar 8, 2008 at 11:59 AM, Felix Bako <fbako at africaonline.co.ke>
wrote:

> Hello,
> I would Like to do a secure site to site VPN.
> Whats it the advantage of using either GRE over IPSEC or IPIP over IPSEC.
> Since I will need to run an IGP between the Two sites
>
> Cheers
> --
>
> Best Regards,
>
> Felix Bako
> Network Engineer
> Africa Online, Kenya
> Tel: +254 (20) 27 92 000
> Fax: +254 (20) 27 100 10
> Email: fbako at africaonline.co.ke
> Aim:felixbako
>
>
>
>
> * Africa Online Disclaimer and Confidentiality Note *
>
>
> This e-mail, its attachments and any rights attaching hereto are, unless
> the context clearly indicates otherwise, the property of Africa Online
> Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is
> confidential and intended for the addressee only. Should you not be the
> addressee and have received this e-mail by mistake, kindly notify the
> sender, delete this e-mail immediately and do not disclose or use the
> same in any manner whatsoever. Views and opinions expressed in this
> e-mail are those of the sender unless clearly stated as those of the
> Group. The Group accepts no liability whatsoever for any loss or
> damages, however incurred, resulting from the use of this e-mail or its
> attachments. The Group does not warrant the integrity of this e-mail,
> nor that it is free of errors, viruses, interception or interference.
> For more information about Africa Online, please visit our website at
> http://www.africaonline.com
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>



-- 
mailto:Neal at layer3arts.com //
GoogleTalk: nrauhauser at gmail.com
IM: nealrauhauser

More information about the cisco-nsp mailing list