Hello I have a GRE+IPSEC tunnel between two routers
HQ C2651XM with AIM VPN EP ios 12.4(15)T9 and C831 12.4(18)
phase 1
3des sha group2phase 2
3des esp sha-----------------------
Question 1)
Both the ciscos have 3des/des hardware assisted encryption so I don't get any performance hit using that cyphers.
The phase 1 is used only to establish tunnel, right? So if I put for example
phase1: aes 256 sha group 5
I just use more cpu cycles at the establishment of the tunnel, but once the tunnel is established I don't have any performance hit?
question 2)
In a gre+ipsec tunnel is the same, to apply the crypto map on the phisical interface where the tunnel is terminated, or applying the tunnel security ipsec... on the tunnel interface? I think that applying a tunnel security policy on the tunnel, changes the tunnel from GRE to IPSEC tunnel ipv4. right?
thank you