Crypto maps - used as one of the oldest Cisco IOS implementation options for IPsec – have a downside - they do not provide for a routable logical interface. When migrating from a traditional WAN or upgrading an existing WAN to use cryptography, it may be beneficial to reuse the existing knowledge of the routing protocols to implement dynamic routing and provide for high availability. With crypto maps, unfortunately, several additional mechanisms are needed to introduce the dynamic nature. In this IP Corner article, Boštjan Šuštar, the Internetworking Expert at NIL Data Communications, describes another solution - to run the point-to-point Generic Routing Encapsulation (GRE) tunnel over IPsec. This solution does not only add the ability to run a routing protocol between remote sites, but also supports IP multicast and non-IP protocols.

This is the second in a series of articles describing various methods of implementing IPsec in Cisco IOS.