We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 644 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

460 Sign Ups in the last 30 days

satisfaction-guaranteed
100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , ,


Forum Replies

  1. Hi Zaw,

    The most security solution is to use a pre-shared key for each hub/spoke combination. If you have 100 spokes, you’ll need to configure 100 pre-shared keys. For a few spoke routers this is no problem but if you have a lot then this will become an administrative nightmare. GETVPN is more suitable for larger setups, that’s something I’ll cover in another lesson :slight_smile:

    Rene

  2. Hello laz,
    I have a few questions.

    1. Would you please let me know the order of operations when a packet is being sent over a DMVPN protected with IPSEC tunnel?
      My understanding is route lookup which is the tunnel interface-----GRE encapsulation-----IPSEC encapsulation—exit out of the interface. Please let me know if it is correct?
    2. If the IPSEC tunnel goes down still I should be able to send out traffic through the GRE tunnel. The only problem is the traffic will not be encrypted. Is it correct?
    3. For the sake of this conversation, let’s just say I have only one SP
    ... Continue reading in our forum

  3. Hello Azm

    For this question, Cisco has an excellent example and explanation as to the order of operations for the scenario you describe. This information can be found here.

    ... Continue reading in our forum

  4. Hello Laz,
    The config is below

    //cdn-forum.networklessons.com/uploads/default/original/1X/59ddc90f7d83846a041948119131c403661d2e72.png

    HUB#sho run inter tunnel 0
    
    !
    interface Tunnel0
     ip address 10.0.0.1 255.255.255.0
     no ip redirects
     ip nhrp map multicast dynamic
     ip nhrp network-id 1
     ip nhrp redirect
     tunnel source 1.1.1.1
     tunnel mode gre multipoint
    end
    
    
    HUB#sho run inter ethernet 0/1
    
    !
    interface Ethernet0/1
     description WAN INTERFACE
     ip address 1.1.1.1 255.255.255.0
    
    ip route 0.0.0.0 0.0.0.0 Tunnel0
    
    HUB#ping 10.10.10.4 source tunnel 0
    Type escape sequ
    ... Continue reading in our forum

  5. hello Rene
    can you please advice on difference between IPEC over GRE and GRE over IPSEC
    i mean , practically it apply crypto profile to tunnel interface does it mean ipsec over gre … ?
    pleases if you share example of this 2 thing would be really helpful…

33 more replies! Ask a question or join the discussion by visiting our Community Forum