[c-nsp] FW: GRE vs IPIP

Mark Lewis mark at mjlnet.com
Mon Mar 10 09:57:29 EDT 2008 


-----Original Message-----
From: Mark Lewis [mailto:mark at mjlnet.com] 
Sent: 10 March 2008 13:57
To: 'neal rauhauser'
Subject: RE: [c-nsp] GRE vs IPIP

> 
>    Felix,
> 
>       The IP in IP encapsulation slips right through any provider, while
> GRE
> is protocol 47 and may be filtered (just like PPTP). 
> 
> 


Eeeer, perhaps I am missing something here, but I thought the question was
about using GRE/IP-IP *over* IPsec (rather than the other way around). If
that is the case (and assuming ESP with a non-null encryption alg is in the
mix), the provider could (hopefully!) only see IP prot 50/51 (ESP/AH),
rather than GRE/IP-IP.

So, filtering, unless it's filtering of 50/51 (!), shouldn't come into it...


Mark




> 
> On Sat, Mar 8, 2008 at 11:59 AM, Felix Bako <fbako at africaonline.co.ke>
> wrote:
> 
> > Hello,
> > I would Like to do a secure site to site VPN.
> > Whats it the advantage of using either GRE over IPSEC or IPIP over
> IPSEC.
> > Since I will need to run an IGP between the Two sites
> >
> > Cheers
> > --
> >
> > Best Regards,
> >
> > Felix Bako
> > Network Engineer
> > Africa Online, Kenya
> > Tel: +254 (20) 27 92 000
> > Fax: +254 (20) 27 100 10
> > Email: fbako at africaonline.co.ke
> > Aim:felixbako
> >
> >
> >
> >
> > * Africa Online Disclaimer and Confidentiality Note *
> >
> >
> > This e-mail, its attachments and any rights attaching hereto are, unless
> > the context clearly indicates otherwise, the property of Africa Online
> > Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is
> > confidential and intended for the addressee only. Should you not be the
> > addressee and have received this e-mail by mistake, kindly notify the
> > sender, delete this e-mail immediately and do not disclose or use the
> > same in any manner whatsoever. Views and opinions expressed in this
> > e-mail are those of the sender unless clearly stated as those of the
> > Group. The Group accepts no liability whatsoever for any loss or
> > damages, however incurred, resulting from the use of this e-mail or its
> > attachments. The Group does not warrant the integrity of this e-mail,
> > nor that it is free of errors, viruses, interception or interference.
> > For more information about Africa Online, please visit our website at
> > http://www.africaonline.com
> >
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
> 
> 
> 
> --
> mailto:Neal at layer3arts.com //
> GoogleTalk: nrauhauser at gmail.com
> IM: nealrauhauser
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list