CCNP Routing notes : IPsec and GRE tunnels

GRE tunnels can run through IPsec tunnels

For a GRE tunnel to be up between two routers,Tunnel interfaces must be in the same subnet.

Benefits of using GRE tunnels with IPsec over using IPsec tunnel alone for building site-to-site VPNs
Allows dynamic routing securely over the tunnel
Supports non-IP traffic over the tunnel

Main steps in configuring GRE tunnel over IPsec on cisco routers
Configure a physical interface or create a loopback interface to use as the tunnel end point
Create the GRE tunnel interfaces
Add the tunnel subnet to the routing process so that it exchanges routing updates across that interface
Add GRE traffic to the crypto access-list so that IPsec encrypts the GRE tunnel traffic

Statements about OP multicast configuration
PIM sparse mode and PIM sparse-dense mode require an RP on the network
PIM dense mode interfaces are always added to the multicast routing table in a router
PIM sparse-dense mode acts as PIM dense mode if an RP is not known

Situations that need use of multiple routing protocols
When using UNIX host-based routers
When migrating from an older interior Gateway Protocol (IGP) to a new IGP

Methods use IPsec to provide secure connectivity from the branch office to the headquarters office
DMVPN
Virtual Tunnel Interface(VTI)

0 comments:

Post a Comment