Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
773
Views
0
Helpful
2
Replies

IRB over VPN

wormscoffer
Level 1
Level 1

‎08-14-2007 08:53 PM - edited ‎02-21-2020 03:12 PM

I've seen previous posts in this forum stating that in order to "transparently bridge" a connection over a VPN between two routers it's as simple as using IRB on the GRE over IPSEC tunnel.

I've configured the routers (837 <-> 877) and the GRE over IPSEC appears to be up but I'm not sure where to go from here.

Can anyone offer some pointers on the next step please?

The Ethernet interfaces of each router are on the same subnet but they are on different sites and connected via ADSL with static IP addresses.

I can post the configs to here if required.

Thanks in advance.

Andrew

Labels:
0 Helpful
2 Replies 2

pija
Level 1
Level 1

‎08-30-2007 04:50 PM

I assume that your GRE over IPSec configuration is working thus it's enough to add IRB related lines in global config as well as interface mode. An example of such a configuration attached below. Enjoy!

Testing topology:

[Host 10.0.0.1]-----[10.0.0.2 (R2) 192.168.2.2]-------[Frame-Relay]-------[192.168.2.5 (R5) 10.0.0.3]-----[10.0.0.4 Host]

The partial configuration of R2 (R5 is symmetrical):

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key cisco address 192.168.2.5 no-xauth

!

!

crypto ipsec transform-set vpn esp-3des esp-md5-hmac

!

crypto map VPN 1 ipsec-isakmp

set peer 192.168.2.5

set transform-set vpn

match address 140

!

bridge irb

!

!

!

interface Tunnel1

no ip address <--- you can assign IP addresss, this is not necessary.

tunnel source 192.168.2.2

tunnel destination 192.168.2.5

bridge-group 1

!

interface Ethernet0/0

no ip address

bridge-group 1

!

interface Serial1/0

no ip address

encapsulation frame-relay

!

interface Serial1/0.1 point-to-point

ip address 192.168.2.2 255.255.255.252

frame-relay interface-dlci 203

crypto map VPN

!

!

interface BVI1

ip address 10.0.0.2 255.255.255.0

!

access-list 140 permit gre host 192.168.2.2 host 192.168.2.5

!

bridge 1 protocol ieee

bridge 1 route ip

!

0 Helpful

wormscoffer
Level 1
Level 1
In response to pija

‎08-31-2007 05:49 AM

Thanks pija

I'd posted the same question in a couple of forums and your reply is the most comprehensive and easiest to understand.

I'll give this a try.

Many thanks.

0 Helpful
Customers Also Viewed These Support Documents