Re: GRE over IPSec [7:96836] posted 02/12/2005

Here's an excerpt from Cisco site:

Note: With IOS 12.2(13)T software and later (higher numbered T-train
software, 12.3 and later), the configured IPSec crypto map only needs to be
applied to the physical interface and is no longer required to be applied on
the GRE tunnel interface. Having the crypto map on the physical and tunnel
interface when using the 12.2.(13)T software and later should still work;
however, Cisco highly recommends that you apply it just on the physical

"Thomas N" wrote in message
> I got site-to-site VPN tunnels set up using GRE over IPSec via Cisco VPN
> routers. I heard on a forum that recent versions of IOS do not require putting
> the "crypto map " under the tunnel interface since it's already put on
> the physical outside interface (serial, etc.).  Putting that command on both
> tunnel and serial interfaces would make it "double encryption" and
> degrade the throughput?  Is this true? If so, in what IOS version did Cisco
> remove "crypto map " from the tunnel interface? I am running IOS
> version 12.3(11)T2, which is pretty latest.  Thanks in advance!
> Thomas
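
The check discussed in this thread, as an added example that is not part of the original messages: a small Python audit that reports which interfaces in an IOS configuration have a crypto map applied, so a tunnel-interface placement that the Cisco note says is no longer required on 12.2(13)T and later can be spotted. The sample configuration is constructed; the map name `VPN-MAP`, the interface names and the documentation-range addresses are assumptions.

```python
import re

# Constructed sample config: hypothetical map name and documentation addresses.
SAMPLE_CONFIG = """\
crypto map VPN-MAP 10 ipsec-isakmp
 set peer 198.51.100.2
 match address 110
!
interface Tunnel0
 ip address 10.0.0.1 255.255.255.252
 tunnel source Serial0/0
 tunnel destination 198.51.100.2
 crypto map VPN-MAP
!
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 crypto map VPN-MAP
!
access-list 110 permit gre host 192.0.2.1 host 198.51.100.2
"""

def crypto_map_interfaces(config):
    """Return {interface: crypto map name} for each interface with a map applied."""
    applied, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)          # entered interface sub-mode
        elif not line.startswith(" "):
            current = None                # any other top-level line leaves it
        elif current:
            m = re.match(r"\s+crypto map\s+(\S+)", line)
            if m:
                applied[current] = m.group(1)
    return applied

def audit(config):
    """Separate tunnel-interface placements from placements on other interfaces."""
    applied = crypto_map_interfaces(config)
    tunnels = sorted(i for i in applied if i.lower().startswith("tunnel"))
    others = sorted(i for i in applied if not i.lower().startswith("tunnel"))
    # Per the Cisco note, only the physical placement is needed on 12.2(13)T+.
    return {"no_longer_required_on": tunnels, "physical": others}

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The global `crypto map VPN-MAP 10 ipsec-isakmp` definition is ignored because only lines inside an `interface` block count as an application of the map.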
