encrypt traffic thru GRE

Jan 22nd, 2008


-3800X2 connected thru leased line

-routing protocol is RIP

-VPN with GRE configured

-(access-list permit gre host host)


-Without transferring any traffic from point lanA to point lanB, sh crypto ipsec sa will show packets encrypted, which I could say are the RIP updates.

-Pinging from lanA to lanB doesn't make any difference in the packets encrypted and decrypted in the SHOW CRYPTO IPSEC SA. Encrypted traffic is increased, but it is from the RIP updates (not from my continuous ping).


-How will I encrypt my traffic from lanA to lanB?

ajagadee Tue, 01/22/2008 - 06:41

In order to encrypt traffic from LanA to LanB, traffic has to flow across the GRE Tunnel first and then GRE will be encrypted by IPSEC.

So, if you do a show ip route xxx for LanB on the LanA router, does it point to the tunnel? If this deployment is in production and you do not want to play with the dynamic routing table to test, can you add a simple static route just for one host to point to the GRE Tunnel and test it?

I hope it helps



** Please rate if it helps **

cfajardo1_2 Tue, 01/22/2008 - 22:06

The RIP route remains and I could reach the other end. There's no problem with the connectivity now and I could see the isakmp sa and ipsec sa doing their job.

The problem is we have to make sure that traffic between lanA and lanB is secured. I couldn't see that in SH CRYPTO IPSEC SA. I could see only a few, which I guess are the RIP-related thing because it does increase only after, say, 40 sec.
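
Added example, not part of the thread or any poster's code: a Python check for the two things discussed above, whether the route to lanB leaves through the tunnel (the show ip route check suggested in the reply) and whether the IPsec encrypt counter grows by the number of test pings rather than by a few RIP updates. The CLI output, addresses and interface names (Serial0/0/0, Tunnel0) are constructed and modelled on IOS output; the function names are hypothetical.

```python
import re

# Constructed sample output modelled on IOS "show ip route <host>" (not from the thread).
ROUTE_VIA_SERIAL = """\
Routing entry for 192.168.2.0/24
  Known via "rip", distance 120, metric 1
  Routing Descriptor Blocks:
  * 10.1.1.2, from 10.1.1.2, 00:00:12 ago, via Serial0/0/0
      Route metric is 1, traffic share count is 1
"""
ROUTE_VIA_TUNNEL = """\
Routing entry for 192.168.2.10/32
  Known via "static", distance 1, metric 0 (connected)
  Routing Descriptor Blocks:
  * directly connected, via Tunnel0
      Route metric is 0, traffic share count is 1
"""
# Constructed "show crypto ipsec sa" counter lines, taken before and after a 100-packet ping.
SA_BEFORE = "    #pkts encaps: 40, #pkts encrypt: 40, #pkts digest: 40"
SA_AFTER_BYPASS = "    #pkts encaps: 42, #pkts encrypt: 42, #pkts digest: 42"
SA_AFTER_TUNNEL = "    #pkts encaps: 143, #pkts encrypt: 143, #pkts digest: 143"


def egress_interfaces(route_output):
    """Return the outgoing interface of every routing descriptor block."""
    # Descriptor lines end in ", via <interface>"; 'Known via "rip"' has no comma before it.
    return re.findall(r",\s*via (\S+)\s*$", route_output, re.M)


def encrypt_count(sa_output):
    """Sum the '#pkts encrypt' counters over all SAs in the output."""
    return sum(int(n) for n in re.findall(r"#pkts encrypt:\s*(\d+)", sa_output))


def lan_traffic_encrypted(route_output, sa_before, sa_after, pings_sent):
    """True only if every path to the host leaves via a Tunnel interface AND
    the encrypt counter grew by at least the number of test packets sent."""
    ifaces = egress_interfaces(route_output)
    via_tunnel = bool(ifaces) and all(i.startswith("Tunnel") for i in ifaces)
    delta = encrypt_count(sa_after) - encrypt_count(sa_before)
    return via_tunnel and delta >= pings_sent


if __name__ == "__main__":
    # Route learned over the physical link: pings bypass GRE, counter moves by RIP only.
    print(lan_traffic_encrypted(ROUTE_VIA_SERIAL, SA_BEFORE, SA_AFTER_BYPASS, 100))
    # Host route pointed at the tunnel: pings are GRE-encapsulated and then encrypted.
    print(lan_traffic_encrypted(ROUTE_VIA_TUNNEL, SA_BEFORE, SA_AFTER_TUNNEL, 100))
```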

