GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
Re: GRE over IPSec [7:96836] posted 02/12/2005
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


Here's an excerpt from Cisco site:

http://www.cisco.com/en/US/partner/tech/tk827/tk369/technologies_configuration_example09186a0080093f70.shtml

Note: With IOS 12.2(13)T software and later (higher numbered T-train
software, 12.3 and later), the configured IPSec crypto map only needs to be
applied to the physical interface and is no longer required to be applied on
the GRE tunnel interface. Having the crypto map on the physical and tunnel
interface when using the 12.2.(13)T software and later should still work;
however, Cisco highly recommends that you apply it just on the physical
interface.





""Thomas N""  wrote in message
news:200502110404.j1B44Y3o028827@xxxxxxxxxxxxxxxxx
> I got site-to-site VPN tunnels setup using GRE over IPSec via Cisco VPN
> routers. I heard a forum that recent version of IOS do not require to put
> the "crypto map " under the tunnel interface since it's already put on
> the physical outside interface (serial, etc.).  Put that command on both
> tunnel and serial interfaces would make it "double encryption" and
therefore
> degrade the throughput?  Is this true? If so, what IOS version Cisco
started
> removing "crypto map " from the tunnel interface? I am running IOS
> version 12.3(11)T2, which is pretty latest.  Thanks in advance!
>
> Thomas




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=96857&t=96836
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html