GRE Tunnel as WAN Link

gavin.mckee · ‎02-14-2007

Hi,

I am implementing a WAN link that span a carriers extranet environment. The link will have an inside interface (our router) and an outside interface (their router). When we send traffic to our remote site the traffic will be subject to NAT allowing routing across the SP extranet. In order to secure the data we need to implement an IPSEC tunnel. The tunnel type needs to be GRE and because NAT is being done we need to used ESP. Could anyone suggest a template that I could use for the two routers that we control, in order to set all of this up?

Any help well rated.

Regards

Gavin

royalblues · ‎02-14-2007

Gavin,

IPSEC and NAT do not go well with each other. You might want to have a look at IPSEC NAT transparency though and check whether it suits your needs

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftipsnat.htm

The only thing i didn't understand is to use GRE tunnel. I dont think it is needed unless you plan to send routing information across it as IPSEC does not support multicast.

HTH, rate if it does

Narayan

gavin.mckee · ‎02-14-2007

I need to send RIPv2 over the Tunnel. Thats why I need GRE. Have you seen any examples of this type of configuration?

royalblues · ‎02-14-2007

Have a look at this link.

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a0080094bff.shtml

The example does not use RIP, but it should guide you to configure according to your needs

HTH, rate if it does

Narayan