[c-nsp] site-to-site vpn, ipsec-gre, 2811/HSEC
Brad Hedlund
brhedlun at cisco.com
Tue Jan 6 23:40:39 EST 2009
On 1/6/09 10:06 PM, "ChrisSerafin" <chris at chrisserafin.com> wrote:
> Unless you need this for legacy IPX or some layer 2 stuff going across
> the VPN, why not use the 'good ole, plain ole' IPSEC VPN?
Plain IPSEC VPN does not work well for dynamic routing and any-to-any VPN's.
If dynamic routing is required you can go tunnel-less with GET VPN. However
if routing private IP addresses across a public cloud is required you cannot
escape the tunnel.
Cheers,
Brad Hedlund
bhedlund at cisco.com
http://www.internetworkexpert.org
More information about the cisco-nsp
mailing list