Hi Taqdir This has been always a confusing subject but quite interesting.
There is no terminology as IPSec over GRE. It is always GREoIPSec. But the question, do you want to put the IPSec into GRE or GRE into IPSec. It all depends on your configuration. GREoIPSec is mostly used, when we need encryption but the traffic is not IPSec compatible. For example, multicast or non IP traffic can't be encapsulated directly into IPSec. Hence first we encapsulate using GRE and then place it in IPSec. When you apply crypto map directly on the GRE tunnel interface, IPSec encapulates the interesting traffic and then this IPSec packet is placed into GRE. interface Tunnel0 ip address 10.20.30.40 tunnel source FastEthernet1/0 tunnel destination 10.20.30.43 crypto map vpn or interface Tunnel0 ip address 10.20.30.40 tunnel source FastEthernet1/0 tunnel destination 10.20.30.43 tunnel protection ipsec profile mine When you apply crypto map on the physical interface to which the GRE tunnel is sourced and have interesting traffic as GRE, then the GRE traffic is placed into IPSec. interface Tunnel0 ip address 10.20.30.40 255.255.255.0 tunnel source FastEthernet1/0 tunnel destination 10.20.30.43 int FastEthernet1/0 crypto map vpn With regards Kings On Sun, Aug 30, 2009 at 6:58 PM, Taqdir Singh <[email protected]>wrote: > could any one please clear the the basic diff bet > > gre over ipsec vs ipsec over gre > > > > -- > Taqdir Singh | Network Engineering | 09911709496 > > Do today what others won't so you can live tomorrow as others can't > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
