We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is Why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You've Ever Spent on Your Cisco Career!
  • Full Access to our 619 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

 

414 New Members signed up the last 30 days!

satisfaction-guaranteed

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: , , , ,


Forum Replies

  1. Hi Mithun,

    These are not the same. Take a look at this picture from my IPsec lesson:

    https://networklessons.com/wp-content/uploads/2015/08/ipsec-ah-transport-tunnel-mode-headers.png

    When we use IPsec tunnel mode, we encapsulate the original IP packet and put an AH or ESP header and new IP header in front of it. IPsec only supports unicast packets.

    GRE also encapsulates IP packets and it supports multicast traffic. It adds a GRE header in front of the original IP packet and then a new IP header. You can see this in this capture file:

    GRE Encapsulated ICMP Captu

    ... Continue reading in our forum

  2. Hi Rene,

    Thank you for your excellent explanation!!! Can you add IKEv2 configuration? That will be great to learn since it was out in 2005.

  3. Hello Mohammad.

    What exactly is meant by each of the two phrases depends on the context. Encrypted GRE Tunnel with IPSec refers to the encryption of the information sent over a GRE tunnel using the functionalities of IPSec. GRE over IPSec is not that specific and it depends on what the person speaking really means.

    IPSec used in combination with GRE can function in two ways, either in tunnel mode, or transport mode.

    Tunnel mode, which is the default, which is also what Rene has configured in the lesson, the whole GRE packet is encapsulated and encrypted withi

    ... Continue reading in our forum

  4. Hi Hussein,

    The only thing you have to change is the transform set:

    R1(config)#crypto ipsec transform-set MY_TRANSFORM_SET ?
      ah-md5-hmac      AH-HMAC-MD5 transform
      ah-sha-hmac      AH-HMAC-SHA transform
      ah-sha256-hmac   AH-HMAC-SHA256 transform
      ah-sha384-hmac   AH-HMAC-SHA384 transform
      ah-sha512-hmac   AH-HMAC-SHA512 transform
      comp-lzs         IP Compression using the LZS compression algorithm
      esp-3des         ESP transform using 3DES(EDE) cipher (168 bits)
      esp-aes          ESP transform using AES cipher
      esp-des          ESP transform using DE
    ... Continue reading in our forum

  5. Hello Brian

    When you use the ip route command, what you are telling the router is “in order to get to this network, use this next hop IP.” Now the contents of the command is a network address and a subnet mask. So, if you enter the command

    ip route 192.168.23.0 255.255.255.0 192.168.12.2

    then what you are saying is that if you get a packet with a destination IP address in the range 192.168.23.1 to 192.168.23.254, send it to 192.168.12.2.

    If you change the subnet mask, what you’re doing is essentially modifying the range within which the destination address mu

    ... Continue reading in our forum

46 more replies! Ask a question or join the discussion by visiting our Community Forum