The network topology is as follows:
User needs:
- PC1 and PC2 on the intranet can access each other;
1、GRE over IPSEC
1. Advantages and disadvantages of IPSEC
IPSEC Advantages:
- Can securely encrypt data/authentication;
IPSEC Disadvantages:
- Multicast encrypted traffic is not supported;
- Dynamic routing protocols are not supported, and routes cannot be exchanged between sites;
- Large-scale routing scenarios require handwriting of a large number of ACLs for interesting flows;
- In large-scale routing scenarios, it is necessary to write detailed routes and default routes for the headquarters and branches;
There will be problems when using IPSEC when the network is modified and expanded, or when the network size is too large.
2. Advantages and Disadvantages of GRE
GRE Disadvantages:
- Communication data cannot be encrypted;
GRE advantages:
- Support multicast traffic;
- Support dynamic routing protocols and exchange routes between sites;
- No need to hand-write a large number of routes and interesting flows;
2. Basic configuration
IP address configuration:
[FW1]int g1/0/1
[FW1-GigabitEthernet1/0/1]ip address 172.16.1.2 30
[FW1-Giga