GRE Tunnel ove IPSec

Unanswered Question
Jul 30th, 2008

Hi,

Does anyone knows how to run GRE Tunnel over IPSec. The scenario is bit different. Let me try to explain. PE1 and PE2 belongs to ProviderA which is basically public Internet. PE3 and PE4 belongs to ProviderB which runs IPVPN private network.

CPE(1)-PE(1)---(Inertnet)----PE(2)--PE(3)-----------PE(4)-----CPE(2)

There is IPSec tunnel between CPE(1) to PE(1) and another IPSec tunnel between PE(1) to PE(3) which is not transparent to customer. Now customer wants to run GRE between CPE1 and CPE2. Does anyone know how it can be done?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Edison Ortiz Thu, 07/31/2008 - 05:37

You need to include the GRE in the IPSec ACL between CPE1<->PE1 and PE1<->PE3

Once CPE1 initiates the GRE tunnel, it will be captured by the IPSec as 'interesting' traffic from CPE1 to PE1.

PE1 will do the same towards PE3, however once it arrives to PE3, it won't be within IPSec towards PE4 with final destination in CPE2.

I believe, a much easier approach is configuring an IPSec between CPE1<->CPE2 and add GRE to the policy of that IPSec.

HTH,

__

Edison.

Actions

This Discussion