multipe tunnels question

Discussion in 'Cisco' started by jogdial@gmail.com, May 19, 2005.

  1. Guest

    Hi,

    I'm running IPSEC tunnels to three sites from my cisco. One of the
    sites says they now need a GRE tunnel. I have one serial interface for
    my WAN and an ethernet interface for my internal network. There is a
    2nd Ethernet interface for my DMZ.

    I know nothing about GRE tunnels at this point, from configs I have
    looked at, it appears you setup another virtual interface or something.
    If I do this, will it be compatible with my current IPSEC tunnels
    which are configured for the Serial interface? Can I have both types
    of tunnels and are there any restrictions?

    Thanks for your help
    , May 19, 2005
    #1
    1. Advertising

  2. wrote:
    > Hi,
    >
    > I'm running IPSEC tunnels to three sites from my cisco. One of the
    > sites says they now need a GRE tunnel. I have one serial interface for
    > my WAN and an ethernet interface for my internal network. There is a
    > 2nd Ethernet interface for my DMZ.
    >
    > I know nothing about GRE tunnels at this point, from configs I have
    > looked at, it appears you setup another virtual interface or something.
    > If I do this, will it be compatible with my current IPSEC tunnels
    > which are configured for the Serial interface? Can I have both types
    > of tunnels and are there any restrictions?


    GRE works with tunnel-interfaces (TunnelX). Just configure tunnel
    source, tunnel destination and an unnumbered interface. Make sure to
    allow the GRE-protocol pass your access-lists. I've configured some
    GRE-tunnels and they all work well. Nevertheless, GRE without encryption
    isn't a very good solution. Just modify the corresponding access-list to
    trigger on GRE-packets.

    access-list 100 permit gre host x.x.x.x host y.y.y.y

    And don't forget to apply the crypto map on the physical *and* the
    tunnel-interface. IPsec and GRE are working together perfectly, even if
    on the same interface. I only once had to "optimize" the max-mss.

    \cd
    Draschl Clemens, May 19, 2005
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ali
    Replies:
    5
    Views:
    544
  2. ljorg
    Replies:
    0
    Views:
    488
    ljorg
    Nov 22, 2006
  3. 'Ole
    Replies:
    7
    Views:
    452
    Fuzzy Logic
    Aug 22, 2006
  4. philbo30
    Replies:
    1
    Views:
    656
    Walter Roberson
    Apr 12, 2007
  5. barret bonden

    multipe wireless routers in same LAN ?

    barret bonden, Mar 7, 2008, in forum: Wireless Networking
    Replies:
    6
    Views:
    534
    Jack \(MVP-Networking\).
    Mar 7, 2008
Loading...

Share This Page