Got an Interesting Question Today
10Linefigure
Member Posts: 368 ■■■□□□□□□□
in CCDA & CCDP
Hello Everyone!
I was as an interesting question today. Can you use keepalives on encrypted GRE tunnels. My first thought was "yea of course". But when they walked away I started searching and am quite confused now.
1. "Note: GRE keepalives are not supported together with IPsec tunnel protection under any circumstances. This document discusses this issue." source: https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html
2. "When GRE is used with IPsec, the keepalives are encrypted like any other traffic" Source: https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sb_gretk.html < this one is along the lines of my initial response.
Note: The 2nd option is from 2006. And the first from 2017. Trust the newer documentation?
Can someone help me make sense of this please
I was as an interesting question today. Can you use keepalives on encrypted GRE tunnels. My first thought was "yea of course". But when they walked away I started searching and am quite confused now.
1. "Note: GRE keepalives are not supported together with IPsec tunnel protection under any circumstances. This document discusses this issue." source: https://www.cisco.com/c/en/us/support/docs/ip/generic-routing-encapsulation-gre/118370-technote-gre-00.html
2. "When GRE is used with IPsec, the keepalives are encrypted like any other traffic" Source: https://www.cisco.com/c/en/us/td/docs/ios/12_2sb/feature/guide/sb_gretk.html < this one is along the lines of my initial response.
Note: The 2nd option is from 2006. And the first from 2017. Trust the newer documentation?
Can someone help me make sense of this please
CCNP R&S, Security+
B.S. Geography - Business Minor
MicroMasters - CyberSecurity
Professional Certificate - IT Project Management
B.S. Geography - Business Minor
MicroMasters - CyberSecurity
Professional Certificate - IT Project Management
Comments
-
craterman
Member Posts: 12 ■□□□□□□□□□
I think if you use IOS 12 then you should trust to old document. I think if you use IOS 15 or any IOS XE then you should trust to new document. But as practice shows, it's better to check this in real environment.