Hi all,
I have 2 routers connected and am trying to make the GRE come up over IPSEC, and I think my issue lies with the ACL.
They are running old versions of IOS, and as such I need to have the crypto map on both the tunnel and physical interfaces.
I have tried 2 different ACLs.
ACL 100 - is an any any "catch all" list.
ACL 101 - is the typical GRE host to host list.
What I expect is that ALL traffic will be encrypted over this link.
Do I have the wrong impression? Maybe this is my issue.
When IPSEC is deployed on its own, everything is encrypted.
ACL 100 - What I see is:
OSPF is not encrypted
PINGs between the physical interfaces are encrypted and get through fine
PINGs between the tunnel interfaces do not get through and are not answered
CHANGE to ACL 101
OSPF is not encrypted
PINGs between the physical interfaces are not encrypted and get through fine
PINGs between the tunnel interfaces are encrypted and get through fine
Config enclosed of the 2 routers.
It may be my expectation that everything would be encrypted.
Or else it's my ACL.
The ACL is supposed to tell the router what traffic is to be encrypted. That is why I cannot see how the host to host GRE ACL would work for anything other than tunnel to tunnel traffic.
Appreciate any feedback.