GRE with IPSec VPN using OSPF

Answered Question
Jun 7th, 2008
User Badges:

Gents,

This is my first post ever here on this platform, I have a problem configuring GRE tunnel with IPSEC tunnel using OSPF..... I have 2 sites connected to my HQ (Media is VSAT). I want all the data encription + Ospf Multicast allowed...

Can I Do it with DWVPN using SDM - I have reviwed one document about it but its all about IEGRP not OSPF...


Would anyone please help me to sort out this issue.. iF ANYONE NEED any other information please update me.... I will be glad to do so...


Thanking you all in anticipation.

Correct Answer by Farrukh Haroon about 8 years 11 months ago

Your tabuk router is misconfigured:


set peer 172.31.111.93


This should be


set peer 172.31.111.97


Regards


Farrukh

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.7 (3 ratings)
Loading.
Farrukh Haroon Sat, 06/07/2008 - 13:02
User Badges:
  • Red, 2250 points or more

Hello


I could not locate any specific document for SDM +OSPF, but you could combine the following, and let us know if you need any more assistance.


http://www.cisco.com/en/US/docs/routers/access/cisco_router_and_security_device_manager/25/software/user/guide/DMVPN.html


http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008019d6f7.shtml


Regards


Farrukh

premaximus Sun, 06/08/2008 - 01:58
User Badges:

Thanks a lot for the reply, I have read these document but In out case we dont want both sites to talk with each other.. we need to configure Pt to Pt tunnels from HQ.


** Should I have to creat GRE over IPSec Tunnels between the "Tunnel Interfaces" or "Serial Interfaces" or ethrnet to ethrnet .. because in my situation I want creat 2 Tunnels from my HQ ethernet to the both Sites's Routers internal Ethernet.


Is It possible.... or what is the best solution in my case


Thanking you in anticipation,


Shahid

Farrukh Haroon Sun, 06/08/2008 - 03:48
User Badges:
  • Red, 2250 points or more

If you want two have to seperate interfaces then you can just use regular GRE over ISPEC. There is no need for the MGRE/DMVPN complexitiy.


Just create two seperate tunnel interfaces on the hub HQ router. Also if you don't need any dynamic routing, you can just have two p2p 'direct encapsulation' IPSEC tunnels (as in IPSEC tunnels without GRE).


Regards


Farrukh

premaximus Tue, 06/10/2008 - 00:15
User Badges:

Thanks Furrukh,

In my case I am using a MPLS base OSPF Network and these 2 link will merge in it using OSPF, so I have configure PtP tunnels to both sites from HQ, one tunnel is working very fine.. but other tunnel is always MM_No_STATE..etc, Its not showing any adjancy from HQ, I am attching the files I do hope you will be able to diagnose the Issue.....


Regards,


Shahid




Correct Answer
Farrukh Haroon Tue, 06/10/2008 - 00:25
User Badges:
  • Red, 2250 points or more

Your tabuk router is misconfigured:


set peer 172.31.111.93


This should be


set peer 172.31.111.97


Regards


Farrukh

Farrukh Haroon Tue, 06/10/2008 - 00:43
User Badges:
  • Red, 2250 points or more

Thats very nice to know Shahid :) I wish you good luck with your job. You can see where I work from my profile on NETPRO.


Let me know if this solution works out. And also rate helpful posts :)


Regards


Farrukh

premaximus Sat, 06/21/2008 - 02:45
User Badges:

Hi Mr. Furrukh,


I have been asking about this issue from last week but nobody from the forum replied accuratly :)


I am looking for a solution where I can connect local LAN user using WIFI and connect then Using 3G GSM connection to the internet using CISCO Router.

so I need Wifi (WLAN) 3G GSM (WWAN) together so what you will suggest me to slect as a Router + Modules which can best fit in my requirment..

What would be the best solution... 1841 or 1861 series or ???


Many Thanks

Shahid

Farrukh Haroon Sat, 06/21/2008 - 03:56
User Badges:
  • Red, 2250 points or more

Dear Shahid


The best option would be to contact the local Cisco team (your account manager).


Cisco has a pretty strong team here in Saudi.


Regards


Farrukh

premaximus Sun, 07/27/2008 - 23:43
User Badges:

Hi Furrukh,


May I please have your email address, Its very Important..


Regards,


Shahid

Actions

This Discussion