Designing site-to-site IPSec VPNs: GRE with IPSec

In October IP Corner article, Boštjan Šuštar describes one of the most commonly used IPSec design options: GRE tunnels protected with IPSec encryption.

2 comments:

  1. Under Listing 1 Boštjan Šuštar say:

    "If remote sites use dynamically assigned IP addresses, you can use a dynamic crypto map in the central site and use loopback interfaces with static private addresses for GRE peering."

    As far as I know the only tunnel interface which works without tunnel destination is GRE multipoint type when combined with NHRP.

    How the hub router know how to communicate with dynamic IP addressed spokes without NHRP using only dynamic crypto map?

    ReplyDelete
  2. Forwarded the comment to Boštjan.

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.