SDN/SDDC Retreat in Miami, Florida (November 4th-6th)
Separate SDN hype from real life!

Designing site-to-site IPSec VPNs: GRE with IPSec

In October IP Corner article, Boštjan Šuštar describes one of the most commonly used IPSec design options: GRE tunnels protected with IPSec encryption.


  1. Under Listing 1 Boštjan Šuštar say:

    "If remote sites use dynamically assigned IP addresses, you can use a dynamic crypto map in the central site and use loopback interfaces with static private addresses for GRE peering."

    As far as I know the only tunnel interface which works without tunnel destination is GRE multipoint type when combined with NHRP.

    How the hub router know how to communicate with dynamic IP addressed spokes without NHRP using only dynamic crypto map?

  2. Forwarded the comment to Boštjan.


You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.