Hot Downloads

Welcome, Guest
Username: Password: Remember me

TOPIC: IPSec GRE Tunnels VS Traditional Site to Site VPN's

IPSec GRE Tunnels VS Traditional Site to Site VPN's 5 years 8 months ago #36581

  • JamieP
  • JamieP's Avatar
  • Offline
  • Frequent Member
  • Posts: 60
  • Karma: 0
Hi guys,

I'm really interested to see what everyones opinion on this is.

My company currently uses what i would call traditional site to site VPN's using crypto maps, main site has a pair of ASA's in HA and remote sites use ISR's like 1801's.

I've recently been playing in my lab with GRE tunnels using IPSec protection (note this is config from my labs, so ip's and key's are just randomly selected)

[code:1]crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp key oaWDS0HSJS0 address 18.4.27.2
!
crypto ipsec transform-set esp-aes256-sha esp-aes 256 esp-sha-hmac
!
crypto ipsec profile IPSEC_TUNNEL
set transform-set esp-aes256-sha
!
interface Tunnel13
ip address 10.0.0.1 255.255.255.252
tunnel source fa0/0
tunnel destination 18.4.27.2
tunnel protection ipsec profile IPSEC_TUNNEL[/code:1]

I've never really seen them in use before, but it seems pretty good to me, because you can put a routing protocol over it without any special modifications, plus you dont have the headache of "interesting traffic" ACL's

The only draw back for me is that ASA's dont support GRE tunnels, but i am looking at redesigning our enterprise edge, so i'm now thinking would it be worth replacing the ASA's with some high spec routers to handel VPN traffic.

what's anyones opinion on this?
Jamie Parks
Network Engineer, UK
The administrator has disabled public write access.

Re: IPSec GRE Tunnels VS Traditional Site to Site VPN's 4 years 6 months ago #37992

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.
Time to create page: 0.080 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup