Passing GRE traffic across ASA

Unanswered Question
Nov 1st, 2007
User Badges:


I have an enviroment where I do need to pass the GRE traffic between two routers, the ASA-5510 is in between them.

Your help is appreciated. Sending a URL for similar setup, is great.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Fernando_Meza Thu, 11/01/2007 - 15:43
User Badges:
  • Gold, 750 points or more


Have you tried adding a static NAT for the router's external interface which is located behind the inside interface of the ASA ?

Example .. let's say the router which is behind the inside (higher priority) interface of the ASA is then you could add a static as below

static (inside,outside) mask

Note: the above assumes that the second router is behind the outside interface (lower priority) of the ASA and that the second router knows how to reach Obviously should also know how to get to the second router.

next you will need to allow GRE on both interfaces.

access-list inside-out permit GRE host host

access-list outside-in permit GRE host host

access-group inside-out in interface inside

access-group outside-in in interface outside

Give it a try ..

I hope it helps .. please rate it if it does !!!


This Discussion