Designing site-to-site IPSec VPNs: GRE with IPSec
In October IP Corner article, Boštjan Šuštar describes one of the most commonly used IPSec design options: GRE tunnels protected with IPSec encryption.
NIL's New Year E-Learning promotion: Save 30% on all Remote labs and e-learning courses purchased before January 31st 2009. Click here for more details.
Subscribe to:
Post Comments (Atom)
Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or visit his page on Facebook.
Posts
2 comments:
Under Listing 1 Boštjan Šuštar say:
"If remote sites use dynamically assigned IP addresses, you can use a dynamic crypto map in the central site and use loopback interfaces with static private addresses for GRE peering."
As far as I know the only tunnel interface which works without tunnel destination is GRE multipoint type when combined with NHRP.
How the hub router know how to communicate with dynamic IP addressed spokes without NHRP using only dynamic crypto map?
Forwarded the comment to Boštjan.
Post a Comment