When do I have to use a GRE over IPsec tunnel? I have heard that when I'm using a routing protocol and a site-to-site VPN I need a GRE tunnel.

I have configured a network with OSPF and a site-to-site VPN without a GRE tunnel, and it works very well. I want to know: when do I have to use a GRE tunnel over IPsec?

Jose,
It sounds like you currently have an IPsec Virtual Tunnel Interface (VTI) configured. By this, I mean that you have a Tunnel interface running in "tunnel mode ipsec ipv4" rather than having a crypto map applied to a physical interface. In the days before VTIs, it was necessary to configure GRE over IPsec in order to pass certain types of traffic across an encrypted channel. When using pure IPsec with crypto maps, you cannot pass multicast traffic without implementing GRE over IPsec. Today, IPsec VTIs and GRE over IPsec accomplish what is effectively the same thing with a few exceptions. For example, by using GRE over IPsec, you can configure multiple tunnels between two peers by means of tunnel keys, pass many more types of traffic rather than IP unicast and multicast (such as NHRP as utilized by DMVPN), and you can also configure multipoint GRE tunnels whereas VTIs are point to point.
Here's a document which discusses VTIs in more depth: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_vpnips/configuration/xe-3s/sec-sec-for-vpns-w-ipsec-xe-3s-book/sec-ipsec-virt-tunnl.html#GUID-A568DA9D-56CF-47C4-A866-B605804179E1
HTH,
Frank
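
To make the tunnel-key and payload-type points in the answer above concrete, here is an added example (not part of the original thread) that parses a GRE version 0 header and selects a tunnel by peer pair and key. The addresses, key values and interface names are constructed, and `select_tunnel` is a simplified model of the lookup, not Cisco's implementation.

```python
import struct
from typing import NamedTuple, Optional

# EtherType values that can appear in the GRE Protocol Type field
PROTOCOLS = {0x0800: "IPv4", 0x86DD: "IPv6", 0x2001: "NHRP"}
FLAG_CHECKSUM, FLAG_KEY, FLAG_SEQUENCE = 0x8000, 0x2000, 0x1000
VERSION_MASK = 0x0007


class GreHeader(NamedTuple):
    protocol: str
    key: Optional[int]
    sequence: Optional[int]
    payload_offset: int


def parse_gre(data: bytes) -> GreHeader:
    """Parse a GRE version 0 header (RFC 2784 plus RFC 2890 key/sequence)."""
    if len(data) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack_from("!HH", data, 0)
    if flags & VERSION_MASK:
        raise ValueError("not GRE version 0")
    optional = [f for f in (FLAG_CHECKSUM, FLAG_KEY, FLAG_SEQUENCE) if flags & f]
    if len(data) < 4 + 4 * len(optional):
        raise ValueError("optional fields announced in flags are missing")
    offset, key, sequence = 4, None, None
    if flags & FLAG_CHECKSUM:
        offset += 4  # checksum + reserved1, not verified here
    if flags & FLAG_KEY:
        (key,) = struct.unpack_from("!I", data, offset)
        offset += 4
    if flags & FLAG_SEQUENCE:
        (sequence,) = struct.unpack_from("!I", data, offset)
        offset += 4
    return GreHeader(PROTOCOLS.get(proto, hex(proto)), key, sequence, offset)


def select_tunnel(src: str, dst: str, gre: bytes, tunnels: dict) -> Optional[str]:
    """Pick the tunnel interface by (peer pair, key); None means no match."""
    return tunnels.get((src, dst, parse_gre(gre).key))


def build_gre(proto: int, key: Optional[int] = None) -> bytes:
    """Construct a sample GRE header for the demo (no payload)."""
    if key is None:
        return struct.pack("!HH", 0, proto)
    return struct.pack("!HHI", FLAG_KEY, proto, key)


# Constructed example: two tunnels between the same pair of peers
TUNNELS = {
    ("192.0.2.1", "198.51.100.1", 100): "Tunnel100",
    ("192.0.2.1", "198.51.100.1", 200): "Tunnel200",
}

if __name__ == "__main__":
    for proto, key in ((0x0800, 100), (0x2001, 200), (0x86DD, 300)):
        pkt = build_gre(proto, key)
        print(parse_gre(pkt), select_tunnel("192.0.2.1", "198.51.100.1", pkt, TUNNELS))
```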

Similar Messages

  • When do i have to use a gre over ipsec tunnel? i have heard that when i m using a routing protocol and vpn site to site i need a

    I have configured a network with OSPF and a site-to-site VPN without a GRE tunnel, and it works very well. I want to know: when do I have to use a GRE tunnel over IPsec?

    Hi josedilone19
    GRE is used when you need to pass broadcast or multicast traffic. That's the main function of GRE.
    Generic Routing Encapsulation (GRE) is a protocol that encapsulates packets in order to route other protocols over IP networks.
    However, there are some other important aspects to consider:
    In contrast to IP-to-IP tunneling, GRE tunneling can transport multicast and IPv6 traffic between networks.
    GRE tunnels encase multiple protocols over a single-protocol backbone.
    GRE tunnels provide workarounds for networks with limited hops.
    GRE tunnels connect discontinuous sub-networks.
    GRE tunnels allow VPNs across wide area networks (WANs).
    -Hope this helps -

  • Okay so when I try to download apps on my phone a totally different Apple ID that I've never used before popped up. I've already tried settings under apps/iTunes and signed into my own apple account. But even doing so my apple Id won't show up

    Try this:
    Open the iTunes app, select the Music tab, then scroll all the way down to the bottom.  Here you can sign out of any current Apple ID and sign into a new one.  Good luck!
    And just in case there is another Apple ID linked to your account you can check at http://appleid.apple.com.

  • Hello I have a problem with my ipod touch 1G the problem is that see me key to the floor! And when recogi not prendia after 5 minutes prendio but it gave to me the surprise of which the battery had finished completely! What I did was to set it to load wit

    Hello I have a problem with my ipod touch 1G the problem is that see me key to the floor! And when recogi not prendia after 5 minutes prendio but it gave to me the surprise of which the battery had finished completely! What I did was to set it to load with the USB but do not load the battery me the icon of the battery appear and below of her the beam that indicates that this being loaded but this way I have left it the whole yesterday and what goes of today and continues without loading anything! They can help me porfavor I am grateful for them to him very much!   And my PC does not detect it not itunes

    Try the not-charging topic of:
    iPod touch: Hardware troubleshooting
    It could be that the battery is dead.

  • HT1918 I ve just bought a gift card from Belgium but I m living in Netherlands and I have an Iphone 4S subscription in Netherlands. What can I do to use the gift card? It is telling me that I can't use it because it's from Belgium.

    I ve just bought a gift card from Belgium but I m living in Netherlands and I have an Iphone 4S subscription in Netherlands. What can I do to use the gift card? It is telling me that I can't use it because it's from Belgium. i find it really stupid not to be able to use it?!
    please give me a hand over here
    plus i ve bought the gift card from a supermarket so its kind of hard to get my money back now :|

    Gift cards are country specific.  You cannot use them in another country.

  • I have downloaded the latest version of Safari only to be told that I cannot use it on my version of OS X (10.7.5). Is there any way to revert back to the old Safari?

    I have downloaded the latest version of Safari only to be told that I cannot use it on my version of OS X (10.7.5). Is there any way to revert back to the old Safari?

    Safari is part of OS X and isn't available as a separate download. How did you get a newer version than the one that comes with Lion?

  • I have purchased iphone 4 8gb in india. i have heard that when the company stops manufacturing the current phone, they replace it with 4s. is it true?

    i have purchased iphone 4 8gb in india. i have heard that when the company stops manufacturing the current phone, they replace it with 4s. is it true? can i get it replaced with iphone 4s 16gb or can i get it upgraded with iphone 16gb because 8gb is very less memory for me coz it hangs up all the time and apps dont work properly. any scheme where i can pay a bit and get it exchanged with any of them?

    Probably not.  If you want to purchase a new phone, then you'll have to sell your old one to fund your purchase of a new phone.
    As for iPhones, the phone that they will stop making is the iPhone 5.  This will not be made or sold any longer, because it has been replaced by the iPhone 5c and 5s.  You should still be able to get an iPhone 4 and 4s, although the iPhone 4 is old now in technology standards.
    To get a new phone though, you will likely have to sell your old phone to fund the purchase of a new one.  This is what most folks do.

  • I've heard that when you update your new software you are able to view any photo or text message you have ever done, is this true?

    I've heard that when you update the new software to your iphone you are then able to view every photo and text message you have ever created, is this true.

    Um, no.

  • DMVPN GRE over IPSEC Packet loss

    I have a hub and spoke DMVPN GRE over IPSec topology. We have many sites, over 10, and have a problem on one particular site, just one. First off I want to say that I have replaced the Router and I get the same exact errors. By monitoring the Terminal, I regularly get these messages
    %VPN_HW-1-PACKET_ERROR: slot: 0 Packet Encryption/Decryption error, Output Authentication error:srcadr=10.X.X.X,dstadr=10.X.X.X,size=616,handle=0x581A
    %CRYPTO-4-RECVD_PKT_MAC_ERR: decrypt: mac verify failed for connection id=1
    The tunnel is up, passes data, and always stays up. This router is a Spoke router. The routing protocol being used is EIGRP. When I do a
    Show Crypto isakmp sa, it shows the state as being "QM_IDLE" which means it is up.
    When I use the "Show Crypto Engine accelerator stat" this is what I get (Attached File)
    You can see that there are ppq rx errors, authentication errors, invalid packets, and packets dropped. I know this is not due to mis-configuration because the config is the same exact as other sites that I have which never have any problems. Here is the tunnel interface and the tunnel source interface on the Spoke Router
    interface Tunnel111
     description **DPN VPN**
     bandwidth 1000
     ip address 172.31.111.107 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip mtu 1300
     ip pim sparse-dense-mode
     ip nhrp authentication XXXX
     ip nhrp map multicast dynamic
     ip nhrp map multicast X.X.X.X
     ip nhrp map X.X.X.X X.X.X.X
     ip nhrp network-id 100002
     ip nhrp holdtime 360
     ip nhrp nhs 172.31.111.254
     ip route-cache flow
     ip tcp adjust-mss 1260
     ip summary-address eigrp 100 10.X.X.X 255.255.0.0 5
     qos pre-classify
     tunnel source GigabitEthernet0/0
     tunnel mode gre multipoint
     tunnel key XXXX
     tunnel protection ipsec profile X.X.X.X
    interface GigabitEthernet0/0
     description **TO DPNVPN**
     ip address 10.X.X.X 255.255.255.0
     no ip redirects
     no ip unreachables
     no ip proxy-arp
     ip nbar protocol-discovery
     ip pim sparse-dense-mode
     ip virtual-reassembly
     duplex full
     speed 100
     no snmp trap link-status
     no mop enabled
    Is there anything that you can think of that may be causing this? Do you think this can be a layer one or two issue? Thanks
    Brenden

    Have you tried turning off the hardware encryption (no crypto engine accelerator) just to see if it's better? But be careful, because your CPU% will run much higher, but you only have 10 spoke sites, so it won't be at 100%.
    It's better to start troubleshooting at layer 1, then layer 2, when possible. Have you asked the site's ISP about packet loss on their side?

  • GRE OVER IPSec vpn

    ACC
    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml#diag
    This is a lab I did today, and of course I am able to understand this lab, but the points of confusion are:
    1. Why do we use the crypto map on both interfaces (physical interface or tunnel interface)?
    2. When I remove the crypto map from the tunnel interface I receive this message:
    ( R2691#*Mar  1 01:12:54.243: ISAKMP:(1002):purging node 2144544879 )
       Please tell me what the meaning of this message is.
    3. But I can see the VPN is working fine. This is the crypto IPsec SA and crypto ISAKMP SA:
    R2691#sh crypto ipsec sa
    interface: Serial0/0
        Crypto map tag: vpn, local addr 30.1.1.21
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (30.1.1.21/255.255.255.255/47/0)
       remote ident (addr/mask/prot/port): (10.1.1.1/255.255.255.255/47/0)
       current_peer 10.1.1.1 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 65, #pkts encrypt: 65, #pkts digest: 65
        #pkts decaps: 66, #pkts decrypt: 66, #pkts verify: 66
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #send errors 2, #recv errors 0
         local crypto endpt.: 30.1.1.21, remote crypto endpt.: 10.1.1.1
         path mtu 1500, ip mtu 1500, ip mtu idb Serial0/0
         current outbound spi: 0xDBF65B0E(3690355470)
         inbound esp sas:
          spi: 0x44FF512B(1157583147)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel, }
            conn id: 5, flow_id: SW:5, crypto map: vpn
            sa timing: remaining key lifetime (k/sec): (4598427/3368)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0xDBF65B0E(3690355470)
            transform: esp-3des esp-md5-hmac ,
            in use settings ={Tunnel, }
            conn id: 6, flow_id: SW:6, crypto map: vpn
            sa timing: remaining key lifetime (k/sec): (4598427/3368)
            IV size: 8 bytes
            replay detection support: Y
            Status: ACTIVE
         outbound ah sas:
         outbound pcp sas:
    R2691#sh crypto isakmp sa
    IPv4 Crypto ISAKMP SA
    dst             src             state          conn-id slot status
    30.1.1.21       10.1.1.1        QM_IDLE           1002    0 ACTIVE
    IPv6 Crypto ISAKMP SA.
    4. How do I know it is using GRE over IPsec?
    I have also attached the topology on which I did the lab.

    Mr. Anuj, here is my config:
    R7200#sh ip int b
    Interface                  IP-Address      OK? Method Status                Protocol
    Serial1/0                  10.1.1.1        YES NVRAM  up                    up
    Loopback1                  50.1.1.1        YES NVRAM  up                    up
    Loopback2                  50.1.2.1        YES NVRAM  up                    up
    Tunnel0                    40.1.1.2        YES NVRAM  up                    up
    Tunnel1                    40.1.2.2        YES NVRAM  up                    up
    Tunnel2                    40.1.3.2        YES NVRAM  up                    up
    =========================================================
    R7200#sh int tunnel 0
    Tunnel0 is up, line protocol is up
      Hardware is Tunnel
      Internet address is 40.1.1.2/24
      MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation TUNNEL, loopback not set
      Keepalive not set
      Tunnel source 10.1.1.1 (Serial1/0), destination 30.1.1.1
      Tunnel protocol/transport GRE/IP
        Key disabled, sequencing disabled
        Checksumming of packets disabled
      Tunnel TTL 255
      Fast tunneling enabled
      Tunnel transport MTU 1476 bytes
      Tunnel transmit bandwidth 8000 (kbps)
      Tunnel receive bandwidth 8000 (kbps)
      Last input 00:00:04, output 00:00:04, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 2
      Queueing strategy: fifo
      Output queue: 0/0 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         2229 packets input, 213651 bytes, 0 no buffer
         Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
         2292 packets output, 220520 bytes, 0 underruns
         0 output errors, 0 collisions, 0 interface resets
         0 unknown protocol drops
         0 output buffer failures, 0 output buffers swapped out
    ===============================================================
    My crypto ACL is:
    access-list 101 permit gre host 10.1.1.1 host 30.1.1.1
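
On question 4 in the thread above (how to tell that the SA is carrying GRE): the proxy identities in `sh crypto ipsec sa` show IP protocol 47 between the two tunnel endpoints, which matches the `permit gre host ... host ...` crypto ACL. The following is an added example, not part of the original posts, that checks this on an excerpt of the quoted output and also reports the transforms in use. It assumes a single SA pair in the text, and the `LEGACY` set is this example's own list of transform names to flag.

```python
import re

# Excerpt of the "sh crypto ipsec sa" output quoted in the post above
SAMPLE = """\
interface: Serial0/0
    Crypto map tag: vpn, local addr 30.1.1.21
   local  ident (addr/mask/prot/port): (30.1.1.21/255.255.255.255/47/0)
   remote ident (addr/mask/prot/port): (10.1.1.1/255.255.255.255/47/0)
    #pkts encaps: 65, #pkts encrypt: 65, #pkts digest: 65
    #pkts decaps: 66, #pkts decrypt: 66, #pkts verify: 66
     inbound esp sas:
      spi: 0x44FF512B(1157583147)
        transform: esp-3des esp-md5-hmac ,
        in use settings ={Tunnel, }
"""

IDENT_RE = re.compile(
    r"(local|remote)\s+ident \(addr/mask/prot/port\): "
    r"\(([\d.]+)/([\d.]+)/(\d+)/(\d+)\)"
)
TRANSFORM_RE = re.compile(r"transform:\s*([^,\n]+)")
MODE_RE = re.compile(r"in use settings\s*=\{(\w+)")
COUNTER_RE = re.compile(r"#pkts (encrypt|decrypt): (\d+)")

GRE_PROTO = 47  # IP protocol number for GRE
HOST_MASK = "255.255.255.255"
# Assumption of this example: transform names treated as legacy (DES, 3DES, MD5)
LEGACY = {"esp-des", "esp-3des", "esp-md5-hmac", "ah-md5-hmac"}


def summarize(output: str) -> dict:
    """Summarize one SA pair: is it GRE-only, which transforms, which mode."""
    idents = {
        m.group(1): (m.group(2), m.group(3), int(m.group(4)))
        for m in IDENT_RE.finditer(output)
    }
    transforms = set()
    for m in TRANSFORM_RE.finditer(output):
        transforms.update(m.group(1).split())
    counters = {name: int(value) for name, value in COUNTER_RE.findall(output)}
    # GRE over IPsec: both selectors are single hosts and match protocol 47 only
    gre_only = len(idents) == 2 and all(
        mask == HOST_MASK and proto == GRE_PROTO for _, mask, proto in idents.values()
    )
    return {
        "gre_over_ipsec": gre_only,
        "endpoints": {side: addr for side, (addr, _, _) in idents.items()},
        "legacy_transforms": sorted(transforms & LEGACY),
        "mode": sorted(set(MODE_RE.findall(output))),
        "encrypted": counters.get("encrypt", 0),
        "decrypted": counters.get("decrypt", 0),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```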

  • I am writing datas into a FIFO ,i am reading datas from fifo .but when i am writing datas like a a(0),a(1),a(2 like that.when i am reading dating datas a(0)comes to a(3 ) rd place .what is the reason ?

    I am writing datas into a FIFO in FPGA Target side  ,i am reading datas from fifo in windows host side  .but when i am writing datas like a a(0),a(1),a(2 like that.when i am reading dating datas a(0)comes to a(3 ) rd place, a(1) comes to a a(0) .what is the reason ?

    Please use a shorter title in your subject line and not post the entire question in there.  (See the subject line I created.)   There is also no such word as "datas".  Data is already plural.
    Please read http://stackoverflow.com/help/how-to-ask.  Your question is hard to read because you aren't using proper punctuation and capitalization of your sentences.  It looks like one run-on sentence.
    Beyond that, it is impossible to help you solve our problem with just your question.  Please provide some more information.  Perhaps even attach code we can look at.  Show us what the data you are sending is supposed to look like, and what it actually looks like.

  • When I was ready to place the order for my iPhoto book, I realized that it was for a soft cover book and I wanted hard cover.  How can I change this without losing my prepared book?

    Duplicate your book and try to change the theme in the copy.  Changing the theme may change the layout of your text fields. That is why you need the copy to be able to compare the pages before and after.
    Ctrl-click the book in the Source list and select "Duplicate".
    Click the "Change Theme" button in the upper right corner of the Book pane, make sure, you have the same theme selected and the same size. Click Hardcover.

  • DMVPN & GRE over IPsec on the same physical interface

    Dear All,
    I'm configuring two WAN routers, each wan router has one physical interface connecting to branches and regional office using same provider.
    We'll be using GRE over IPsec to connect to regional office and DMVPN + EIGRP to branches.
    I would like to know if it's possible to configure tunnels for GRE over IPsec and DMVPN + EIGRP using the same source physical interface.
    Kindly reply, it's an urgent request and your response is highly appreciated.
    Regards,

    Hi Savio,
    It should work. We can configure DMVPN and GRE over IPsec on ASA using the same physical interface.
    Regards,
    Naresh

  • When i put my sim in the phone i.e iphone 4s it said that your phone will be activated in  minutes and then it gave a message related to sim so what does it mean is my phone locked i got it from uk

    when i put my sim in the phone i.e iphone 4s it said that your phone will be activated in  minutes and then it gave a message related to sim so what does it mean is my phone locked i got it from uk

    Probably , but what is the message

  • When I open I Tunes on my lap top I get a message saying that this version of I tunes is corrupted and I need to re install. If I re install will I lose my music library already created in I tunes?

    For general advice see Troubleshooting issues with iTunes for Windows updates.
    The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down the page in case one of them applies.
    Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
    tt2
