GRE tunnel over IPSEC

Discussion in 'Cisco' started by casatirider, Jan 11, 2005.

  1. casatirider

    casatirider Guest

    Is it possible to configure and crypto a gre tunnel using IPSEC?

    I have two routers, for example:

    HostA----(p1)RTRA(P0)--(IPSEC(GRE))--(P0)RTRB(P1)---HostB


    I configured a GRE tunnel between the 0-Ports on RTRA and RTRB. Next I
    want to encrypt the tunnel using IPSEC. I cannot use separate routers
    to configure GRE and IPSEC. Has anyone set this up?

    I can get the GRE tunnel working on ports-0 on both boxes but whenever
    I encrypt the tunnel and the tunnel interface (ports-0) the GRE tunnel
    shuts down. Also, if I configure the tunnel on ports-0 and move the
    IPSEC interface to ports-1 (RTRA and RTRB) I am still not able to get
    the tunnel working. Last question: when configuring the GRE tunnel I
    want to have my RIP routes use the tunnel to transport the updates, so I
    included a more specific default route. Is this the way to go? It seems
    to work.

    HELP!!

    Casatirider
     
    casatirider, Jan 11, 2005
    #1

  2. PES

    PES Guest

    casatirider wrote:
    > Is it possible to configure and crypto a gre tunnel using IPSEC?
    >
    > I have two routers, for example:
    >
    > HostA----(p1)RTRA(P0)--(IPSEC(GRE))--(P0)RTRB(P1)---HostB
    >
    >
    > I configured a GRE tunnel between the 0-Ports on RTRA and RTRB. Next I
    > want to encrypt the tunnel using IPSEC. I cannot use separate routers
    > to configure GRE and IPSEC. Has anyone set this up?


    Absolutely. There should be numerous examples on the Cisco website.
    Look in technology support and security, then IPSEC. One article that is
    particularly helpful in understanding this is the DMVPN paper located at

    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_white_paper09186a008018983e.shtml

    If the above wraps, and you cannot find it, go to cisco.com > technical
    support > technology support > security > ipsec > general information >
    dynamic multipoint vpn's. No kidding, it discusses exactly what you
    want to do including dynamic routing. You can pull different sections
    together to get the desired result.

    All of what you want is actually building blocks of a DMVPN. Some of
    the caveats are as follows.

    1) Prior to 12.2(13)T you must create a crypto map that encrypts GRE
    traffic. However, you must apply the map to both the physical interface
    and the GRE tunnel interface (I know this makes no sense).

    2) 12.2(13)T or above, you only need to apply the crypto map to the
    physical interface.

    3) In later versions, you can use a crypto profile bound to the GRE
    tunnel. Make sure it has the proper tunnel source, or the phase 1
    negotiation will assume NAT-T and then fail.
    >
    > I can get the GRE tunnel working on ports-0 on both boxes but whenever
    > I encrypt the tunnel and the tunnel interface (ports-0) the GRE tunnel
    > shuts down. Also, if I configure the tunnel on ports-0 and move the
    > IPSEC interface to ports-1 (RTRA and RTRB) I am still not able to get
    > the tunnel working. Last question: when configuring the GRE tunnel I
    > want to have my RIP routes use the tunnel to transport the updates, so I
    > included a more specific default route. Is this the way to go? It seems
    > to work.
    >
    > HELP!!
    >
    > Casatirider
    >



    --
    -------------------------
    Paul Stewart
    Lexnet Inc.
    Email address is in ROT13
     
    PES, Jan 12, 2005
    #2
