I've been looking for an explanation like this for a while. I understand more from this 30 minute video than I ever have even in courses I paid for. Thanks for this!
This explanation of GRE over IP sec is by far the best, simple, smooth, and to the point of what GRE over internet is...Thank you for taking the time to make these videos and teaching us so much.
Just found this video, and I have to say this is the best explanation of how to configure GRE over IPSEC that I have seen. Thank you Kevin and keep up the great content.
All I wanna say is thank you baby cheesus for dropping Kevin Wallace into this world!!! You sir are amazing!!! Your teaching style is simply awesome!!! Thanks for the videos and the knowledge transfer!!
Im not using Cisco equipment at all but, whole theory is very needed to understand how protocols works in fact. So i'm thankful to you for your spended time to share with us your knowledge. you're doing great job !
I just want say you do awesome work Kevin. I been following your channel for some time now. I got my CCNA before the deadline and now I'm after my CCNP. Great work!!! I always leave with little more confidence after you video instruction.
I hit 'like' button as a 500th person. How is it possible that it is not 500k likes already? Great video Kevin as all of your videos thanks a lot for your work.
Kevin this is awesome example. Can you please make a video on the same topic but with DMVPN, My employer is expanding and I'm face with the challenge of connect the sites together.
Hello Kevin. Love your videos. I have a question about the illustration of GRE over IPsec on 15:15. Shouldn't there be the other way around? That is IPsec encapsulated inside the GRE tunnel? Especially if you use, in later configuration, mode transport, opposite to mode tunnel?
Hey kevin! quick question here @21:20 you said Routers create a layer 2 segment adjacency, why do we call it "layer two" if it also involves routing ? or is it because they are on the same subnet ?
Hi Kevin, Nice tutorial there! I have only 1 question: is the tunnel creation mandatory for the IPsec to operate? Can we do the exact configuration but without creating the tunnel? If not, how does the router use the tunnel here? I see no command to link the tunnel with the IPsec in the configuration 🤔
GRE is configured with a destination IP address and two IP addresses for the internal tunnel (of a /30 subnet). If we configure more than one GRE tunnel on the same interface on a router, how does the router know which tunnel each incoming GRE packet belongs to?
Great job. My only critique is using ISAKMP/IKEv1 in examples. From a security perspective, no one should be using IKEv1 when IKEv2 is available. People will refer to this video and configure their production systems with what they've seen. Always practice like you would do in production.
Kevin, do you have an outline that includes your slides for your routing and switching 200-125 video. It would help with taking notes when studying when following your video. Thanks
Thanks! You don't have to (you could use static routes), but I did in this example. Specifically, I used the "network 0.0.0.0 255.255.255.255 area 0" command under each router's OSPF routing protocol configuration, making all active interfaces participate in the routing process.
Hello Kevin, This a great and simple explanation. I glad of that. I got a question. First you created a GRE tunnel which is the ovelay network. Then came in the IPSEC to provide protection to the information. But I can't realize on the configuration or what step is the join between the GRE tunnel 0 and the IPSEC config. Could you please point it out in which line command configuration that tie happens?
If I understand your question (and the theory) correctly, the *crypto ipsec transform-set* statement creates the IPSec portion, the ACL named *GRE-IN-IPSEC* specifies the traffic and they are brought together by the *crypto map* policy named *VPN.* Looked at another way, it is the ACL that diverts the "interesting" GRE traffic through the IPSec tunnel. I hope that helps to answer your question (and that it's technically correct).
I've been looking for an explanation like this for a while. I understand more from this 30 minute video than I ever have even in courses I paid for. Thanks for this!
Most lucid explanation of gre-over-IPSec that I have seen! 👍
This explanation of GRE over IP sec is by far the best, simple, smooth, and to the point of what GRE over internet is...Thank you for taking the time to make these videos and teaching us so much.
Just found this video, and I have to say this is the best explanation of how to configure GRE over IPSEC that I have seen. Thank you Kevin and keep up the great content.
All I wanna say is thank you baby cheesus for dropping Kevin Wallace into this world!!!
You sir are amazing!!! Your teaching style is simply awesome!!! Thanks for the videos and the knowledge transfer!!
Im not using Cisco equipment at all but, whole theory is very needed to understand how protocols works in fact. So i'm thankful to you for your spended time to share with us your knowledge. you're doing great job !
I just want say you do awesome work Kevin. I been following your channel for some time now. I got my CCNA before the deadline and now I'm after my CCNP. Great work!!! I always leave with little more confidence after you video instruction.
Your videos helped me remember everything from my CCNA and helps apply it as well. Thank you so much for your videos.
Sir, this is a treasure. Thank you for this!
I hit 'like' button as a 500th person. How is it possible that it is not 500k likes already? Great video Kevin as all of your videos thanks a lot for your work.
Thank you for taking the time to make a video about this topic Kevin. Perfect explanation!!!
Hello , I'm from thailand country . I have a littel bit skill in english but i try to learning from you VDO and thank you sir for all video .
Great explanation, Thanks, waiting for more net talk.
Thank you Kevin. Grate Session.. ! By the way on all your videos!
Thanks for this kevin.. more vids to come pleasee! Very help for us students
Thanks for this video, Kevin! I'm planning to make a video about this same topic.
Thank you Kevin for this elaborate understanding
Cleared my All Doubts..THANK YOU SIR
your video is my favorite study video, simple and smooth,
Many thanks for explaining it smoothly.
I swear IPsec is the most difficult subject for CCNP ENCOR for me, but great explanation as usual.
As usual, amazingly well explained
Thank you kavin. Such a lucid information
Thank you sir for such an awesome explanation. I love it 👏🏽👍🏽
CCNA 200-301 doing now thank you for this!
Great video...It has been very helpful for me
Awesome video, great explanation.
Kevin this is awesome example. Can you please make a video on the same topic but with DMVPN, My employer is expanding and I'm face with the challenge of connect the sites together.
Thanks for the great suggestion! I'll definitely plan on doing a DMVPN video early next year.
@@kwallaceccie did you already create such great video for DMVPN? cheers
Am on my way for my CCNA. 🎉🎉🎉
Hello Kevin. Love your videos. I have a question about the illustration of GRE over IPsec on 15:15. Shouldn't there be the other way around? That is IPsec encapsulated inside the GRE tunnel? Especially if you use, in later configuration, mode transport, opposite to mode tunnel?
crystal clear explanation!
Thanks Kevin for reading my comment!
Loved that Kevin ! Wonderful 😵
Hey kevin! quick question here @21:20 you said Routers create a layer 2 segment adjacency, why do we call it "layer two" if it also involves routing ? or is it because they are on the same subnet ?
thanks a lot....great help in understanding the concept
Excellent.
Hi Kevin,
Nice tutorial there!
I have only 1 question: is the tunnel creation mandatory for the IPsec to operate?
Can we do the exact configuration but without creating the tunnel?
If not, how does the router use the tunnel here? I see no command to link the tunnel with the IPsec in the configuration 🤔
Is this setup behind a NAT router?
I would like to see the entire configs on the router. Thanks
GRE is configured with a destination IP address and two IP addresses for the internal tunnel (of a /30 subnet). If we configure more than one GRE tunnel on the same interface on a router, how does the router know which tunnel each incoming GRE packet belongs to?
Hey Kevin
Thanks for the video. What are your recommendations for a ccna guy wanting to do the ccnp with no much industry experience
Great video, but why did you use IKEv1? There already is a newer version of IKE, namely IKEv2, which is better than IKEv1.
Wonderful
Great job. My only critique is using ISAKMP/IKEv1 in examples. From a security perspective, no one should be using IKEv1 when IKEv2 is available. People will refer to this video and configure their production systems with what they've seen. Always practice like you would do in production.
Cheers Mate.
Kevin, do you have an outline that includes your slides for your routing and switching 200-125 video. It would help with taking notes when studying when following your video. Thanks
Thanks so much for your interest. However, the slides are only available to those who enroll in my live training course.
Great video - I can actually listen to you for longer than most trainers.. question do I have to add the tunnel int to the routing protocol?
Thanks! You don't have to (you could use static routes), but I did in this example. Specifically, I used the "network 0.0.0.0 255.255.255.255 area 0" command under each router's OSPF routing protocol configuration, making all active interfaces participate in the routing process.
Instead of using crypto map VPN, we also can use crypto IPsec profile over the tunnel interface right?
Thank you Kevin I wish you could write all cisco books
Hi Kevin, love your videos but the mic volume was too low on this one. 😛 Edit: At 2:06 your sound was oke
Nice video !
Thank you sir.🤗
In releases before Cisco IOS 12.2(13)T, the crypto maps must be applied to both the physical interface and the logical interface (tunnel).
Hello Kevin, This a great and simple explanation. I glad of that. I got a question. First you created a GRE tunnel which is the ovelay network.
Then came in the IPSEC to provide protection to the information. But I can't realize on the configuration or what step is the join between the GRE tunnel 0 and the IPSEC config. Could you please point it out in which line command configuration that tie happens?
If I understand your question (and the theory) correctly, the *crypto ipsec transform-set* statement creates the IPSec portion, the ACL named *GRE-IN-IPSEC* specifies the traffic and they are brought together by the *crypto map* policy named *VPN.* Looked at another way, it is the ACL that diverts the "interesting" GRE traffic through the IPSec tunnel. I hope that helps to answer your question (and that it's technically correct).
That's great
Thank you !
Could you have also used tunnel protection mode instead of the crypto map?
Hi Kevin is tunnel protection ipsec profile not a better solution then crypto map?
If GRE is established first. Doesn't that make it IPSEC over GRE ?
I am confused
Currently have a CCNA and want to get my CCNP.
Perfect 👍
GOAT
It’s not the number of keys, its the long of the key of encryption.
Great Sir
More please
Great presentation. One question, i see some call this IPsec over gre and some say gre over IPsec. Which one is correct 😀
You can do either one. However, this video covers taking the GRE unicast packets and sending them over IPsec.
@@kwallaceccie Would you please inform me how would the vice versa (IPSec over GRE) be of any advantage at all? Is it really?
So then, what is the benefit of data encapsulation if it does not provide security? thanks
It can provide tunnels to create a virtual overlay network.
@@kwallaceccie thanks but then again... Does the tunnel provide any sort of security or anyone can see what's inside the tunnel payload etc
GRE established before ipswc and one can communicate over GRE how ipsec controlling traffic and GRE tunnel
I have just passed my CCNP EI cert
this is what i call timimg..just before the CCNA =)
imagine being this one dude that keeps disliking free training courses for seemingly no reason