Prev: Cisco AIR-LAP1142N-E-K9 conversion to standalone required
Next: kind of "ntp relay"
From: Elia S. on 2 Feb 2010 05:32
Hello
I have a GRE+IPSEC tunnel between two routers

HQ C2651XM with AIM VPN EP ios 12.4(15)T9 and C831 12.4(18)

phase 1

3des
sha
group2


phase 2
3des esp sha

-----------------------

Question 1)

Both the ciscos have 3des/des hardware assisted encryption so I don't get
any performance hit using that cyphers.

The phase 1 is used only to establish tunnel, right? So if I put for example

phase1:
aes 256
sha
group 5

I just use more cpu cycles at the establishment of the tunnel, but once the
tunnel is established I don't have any performance hit?

question 2)

In a gre+ipsec tunnel is the same, to apply the crypto map on the phisical
interface where the tunnel is terminated, or applying the tunnel security
ipsec... on the tunnel interface?
I think that applying a tunnel security policy on the tunnel, changes the
tunnel from GRE to IPSEC tunnel ipv4. right?


thank you

 | 
Pages: 1
Prev: Cisco AIR-LAP1142N-E-K9 conversion to standalone required
Next: kind of "ntp relay"