Supported Tunnel Types

The CloudEOS and vEOS Router supports the use of two basic types of IPsec tunnels. The tunnel types are determined based on the encapsulation mode.

The supported tunnel types are:

GRE-over-IPsec

  • In GRE-over-IPsec encapsulation mode, the application payload is first encapsulated within a GRE packet. IPsec then encrypts the GRE packet, which results in the packet being encapsulated and encrypted by the IPsec header.
  • Select this encapsulation type by specifying tunnel mode gre for the tunnel interface to which the IPsec profile is applied. This ensures that the packets forwarded on the interface are encrypted.
  • When using GRE-over-IPsec encapsulation mode, both IPsec mode options are supported (select either transport or tunnel).

VTI IPsec

  • In VTI encapsulation mode, the application payload is directly encapsulated and encrypted by the IPsec header.
  • Select this encapsulation type by specifying tunnel mode ipsec for the tunnel interface to which the IPsec profile is applied. This ensures that the packets forwarded on the interface are encrypted.
  • When using VTI encapsulation mode, set the IPsec mode to tunnel. The transport option under the IPsec mode has no effect.