IPSEC over GRE: The advantages of this configuration is you can run routing protocols through the tunnel. That means that routing protocols treat it like an interface or a separate link. That allows you to impliment an ISDN or something like a zero CIR frame backup for the tunnel. You have to be carefull how you configure this though. Tunnel interfaces don't go up and down like normal interfaces. Also, They don't support all the metrics in EIGRP like "reliability" if you wanted to bring that metric into the picture. At least they didn't as of 12.0 (last time I looked) The main disadvantage is overhead. GRE is pretty inefficient. I have not investigated it personnally, but somebody told me that the overhead for GRE averages around 40%. Add the overhead of IPSEC to the picture and your wasting a lot of bandwidth for protocol overhead. Depending on the switching path, router cpu utilization might be a issue too. Hope this helps Tony M #6172 ----- Original Message ----- From: Ciscodog To: Sent: Saturday, July 07, 2001 12:32 AM Subject: IPsec tunnel mode vs. GRE tunnel with IPsec [7:11236] > I was recently looking at these two options for connecting branch offices for > an alternative to a point-to-point WAN link. I have in the past implemented > IPsec which by default is in tunnel mode for any packet that doesn't > originate > from the direct peers. However I was reading a bit the other day and came > across the GRE tunnel with IPsec solution and was wondering if this was > legacy, or better option for my situation. Does anyone have a quick pros/cons > response to the 2 scenarios? > > > Thanks Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=11255&t=11236 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
