?
Solved

GRE/IPSEC VS Site-To-Site VPN

Posted on 2006-04-29
1
Medium Priority
?
2,289 Views
Last Modified: 2012-05-05
Hi,

can anyone shade light on which one is a better option to have in terms of security . managebility , configuration and administration if you are talking about only Router to Router meaning branch router to head office router using Cisco 1800 and 2800 Routers. I hope my point is clear. +

if any good links on how to configure GRE Tunnel with IPSec would be of great help.

0
Comment
Question by:lomaree
1 Comment
 
LVL 9

Accepted Solution

by:
stressedout2004 earned 150 total points
ID: 16573193
Put it this way, if you are running dynamic routing protocols (OSPF, EIGRP.. etc) on each router and would like to dynamically exchange routing updates or multicast traffic or non IP traffic over the VPN tunnel, then you should no doubt use GRE/IPSEC. If you have static routes and just IP traffic that will be going over the tunnel, use plain IPSEC.  Both solution offers security. Configuration of both is pretty straightforward, but GRE/IPSEC can be complicated on the routing side of things.

This is the simplest config I can find (Just ignore the CBAC and NAT part):

Configuring Router-to-Router IPSec (Pre-shared Keys) on GRE Tunnel with CBAC and NAT
http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question