There seems to be a little confusion on this issue. Hopefully I can clear a couple things up for you.
GRE stands for Generic Router Encapsulation protocol. It is a tunnelling protocol similar to PPTP. It is considered a Layer 4 protocol (IP protocol #47). What it does is create a virtual point-to-point interface on a routing device. The other end is another routing device doing the same.
It is used to do stuff like send routing protocols (e.g. OSPF) from one router to another without transit routers getting involved. It can also be used to connect to separate networks as if they were part of the same LAN (iow, networks that would normally be on different routing domains).
GRE is an unencrypted protocol, however. If you need to encrypt the data then you need an encryption protocol. This is where IPSEC comes in. IPSEC is another IP protocol (#50). When used in conjunction with GRE the only protocol your routers need to allow is GRE.
The TCP 500 sounds to me to be an error. They were most likely referring to UDP 500 which is ISAKMP, the key exchange protocol used with IPSEC. If they are properly using GRE then the ISAKMP traffic should also be encapsulated in GRE.
-----Original Message-----
From: Jesus Gonzalez [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 12, 2001 4:10 PM
To: [EMAIL PROTECTED]
Subject: IPSEC and GRE
Hi all,
I have a question that I'm a bit embarrassed to ask.
We have users in our office that need access to a remote network that has a
Compatible Systems (now Cisco) VPN switch. I was told that in order to allow this
through our firewall, I had to open up ports TCP 500 and GRE47. My question
concerns GRE. Is GRE a protocol like TCP/UDP/ICMP? Or is it a subset of
TCP?
In trying to configure my firewall (Secure Computing) I only see options for
TCP and UDP ports when trying to map a port.
Also, I believe I read in one of Cisco's tech bulletins that your Cisco
router must be running a certain version of the IOS in order for this to
work. WHY???
Can someone please explain to me, in simple terms <grin> what exactly GRE
is?
Thanks in advance for your help!
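An added example, not part of the original thread: a Python sketch of why GRE cannot be entered as a TCP or UDP port on a firewall. It classifies packets by the IPv4 protocol field (47 for GRE, 50 for IPsec ESP) and reads port numbers only for TCP and UDP; the function names, sample packets and addresses are constructed, and unfragmented IPv4 is assumed.

```python
import struct

IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP", 47: "GRE", 50: "ESP"}
GRE_PAYLOADS = {0x0800: "IPv4", 0x880B: "PPP"}  # protocol type field in the GRE header


def classify(packet: bytes) -> str:
    """Describe a packet the way a filter keyed on the IPv4 protocol field sees it."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("truncated packet")
    proto, payload = packet[9], packet[ihl:]
    name = IP_PROTO_NAMES.get(proto, f"proto-{proto}")
    if proto in (6, 17):                  # only TCP and UDP carry port numbers
        _sport, dport = struct.unpack("!HH", payload[:4])
        label = f"{name} dst port {dport}"
        return label + " (ISAKMP)" if (proto, dport) == (17, 500) else label
    if proto == 47:                       # GRE: flags/version, then payload type
        _flags, ptype = struct.unpack("!HH", payload[:4])
        return f"GRE (no ports) carrying {GRE_PAYLOADS.get(ptype, hex(ptype))}"
    return f"{name} (no ports)"


def ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed sample: minimal IPv4 header (checksum left at 0) plus payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([192, 0, 2, 1]), bytes([198, 51, 100, 1]))
    return header + payload


# Constructed sample traffic matching the cases discussed in the thread.
SAMPLES = {
    "gre": ipv4(47, struct.pack("!HH", 0, 0x0800) + bytes(20)),
    "esp": ipv4(50, struct.pack("!II", 0x1001, 1) + bytes(16)),
    "isakmp": ipv4(17, struct.pack("!HHHH", 500, 500, 8, 0)),
    "tcp500": ipv4(6, struct.pack("!HH", 40000, 500) + bytes(16)),
}

if __name__ == "__main__":
    for label, pkt in SAMPLES.items():
        print(f"{label:8} -> {classify(pkt)}")
```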
