Hot Downloads



The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1

TOPIC: IPSec GRE Tunnels VS Traditional Site to Site VPN's

IPSec GRE Tunnels VS Traditional Site to Site VPN's 7 years 10 months ago #36581

  • JamieP
  • JamieP's Avatar Topic Author
  • Offline
  • Frequent Member
  • Frequent Member
  • Posts: 60
  • Thank you received: 0
Hi guys,

I'm really interested to see what everyones opinion on this is.

My company currently uses what i would call traditional site to site VPN's using crypto maps, main site has a pair of ASA's in HA and remote sites use ISR's like 1801's.

I've recently been playing in my lab with GRE tunnels using IPSec protection (note this is config from my labs, so ip's and key's are just randomly selected)

[code:1]crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
crypto isakmp key oaWDS0HSJS0 address
crypto ipsec transform-set esp-aes256-sha esp-aes 256 esp-sha-hmac
crypto ipsec profile IPSEC_TUNNEL
set transform-set esp-aes256-sha
interface Tunnel13
ip address
tunnel source fa0/0
tunnel destination
tunnel protection ipsec profile IPSEC_TUNNEL[/code:1]

I've never really seen them in use before, but it seems pretty good to me, because you can put a routing protocol over it without any special modifications, plus you dont have the headache of "interesting traffic" ACL's

The only draw back for me is that ASA's dont support GRE tunnels, but i am looking at redesigning our enterprise edge, so i'm now thinking would it be worth replacing the ASA's with some high spec routers to handel VPN traffic.

what's anyones opinion on this?
Jamie Parks
Network Engineer, UK

Re: IPSec GRE Tunnels VS Traditional Site to Site VPN's 6 years 8 months ago #37992

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Administrator
  • Posts: 1447
  • Karma: 8
  • Thank you received: 13
Chris Partsenidis.
Founder & Editor-in-Chief
  • Page:
  • 1
Time to create page: 0.146 seconds


Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V


  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup