VoIP over IPsec

Petri Helenius pete at he.iki.fi
Mon Feb 17 23:33:42 UTC 2003




>More specifically, dynamic routing protocols like ospf and rip.

There is no technical difference for running ospf and rip over IPsec tunnel or
GRE tunnel. (other than the encapsulation itself) 

Implementations may (and do) force you to do suboptimal things because
they are either designed or implemented way too long ago to make use
of more recent technology in the most efficient fashion.

Pete


-----Original Message-----
From: Petri Helenius [mailto:pete at he.iki.fi]
Sent: Monday, February 17, 2003 5:21 PM
To: Iljitsch van Beijnum; Steve Feldman
Cc: nanog at nanog.org
Subject: Re: VoIP over IPsec



> On Mon, 17 Feb 2003, Steve Feldman wrote:
> 
> > through the corporate enterprise net, Cisco routers with IPSEC/GRE tunnels
> > over the public Internet.
> 
> Maybe a stupid question... why would you need GRE tunneling while IPsec
> has a tunnel mode of its own?
> 
Probably because a major router vendor, despite of repeated customer requests,
declined to implement routing across such tunnel mode.

Pete





More information about the NANOG mailing list