cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
244
Views
0
Helpful
2
Replies

encrypt traffic thru GRE

cfajardo1_2
Level 1
Level 1

SCENARIO:

-3800X2 connected thru leased line

-routing prot is RIP

-vpn with gre configured

-(access-list premit gre host 192.168.1.1 host 192.168.1.2)

OBSERVATION;

-without transferring any traffic from point lanA to point lanB, sh crypto ipsec sa will show packets encrypted which i could say they are the RIP updates.

-pinging from lanA to lanB doesnt make any difference in the packets encrypted and decrypted in the SHOW CRYPTO IPSEC SA. Encrypted traffic is increased but they are from the RIP updates (not from my continous ping)

QUESTION:

-how will i encrypt my traffic from lanA to lanB.

2 Replies 2

ajagadee
Cisco Employee
Cisco Employee

In order to encrypt traffic from LanA to LanB, traffic has to flow across the GRE Tunnel first and then GRE will be encrypted by IPSEC.

So, if you do a show ip route xxx for LanB on the LanA router, does it point to the tunnel. If this is deployment is in production and if you do not want to play with the dynamic routing table to to test, can you add a simple static route just for one host to point to the GRE Tunnel and test it.

I hope it helps

Regards,

Arul

** Please rate if it helps **

rip route remains and i could reach the other end..theres no problem with the connectivity now and i could see the isakmp sa and ipsec sa doing thjere job.

The problem we have to make sure that traffic between lanA and lanB are secured. I couldnt see that in SH CRYPTO IPSEC SA. I could see only a few which i guess are the rip realated thing coz it does increase only after say 40 sec.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: