Designing site-to-site IPSec VPNs: GRE with IPSec
In October IP Corner article, Boštjan Šuštar describes one of the most commonly used IPSec design options: GRE tunnels protected with IPSec encryption.
Subscribe to:
Post Comments (Atom)
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or visit his page on Facebook.
Posts
2 comments:
Under Listing 1 Boštjan Šuštar say:
"If remote sites use dynamically assigned IP addresses, you can use a dynamic crypto map in the central site and use loopback interfaces with static private addresses for GRE peering."
As far as I know the only tunnel interface which works without tunnel destination is GRE multipoint type when combined with NHRP.
How the hub router know how to communicate with dynamic IP addressed spokes without NHRP using only dynamic crypto map?
Forwarded the comment to Boštjan.
Post a Comment
If you're using Internet Explorer, your first attempt to publish a comment will probably fail (a feature of Blogger). Don't worry, just press the Post Comment button again.