GRE Tunnel ove IPSec

nirajsinha · ‎07-30-2008

Hi,

Does anyone knows how to run GRE Tunnel over IPSec. The scenario is bit different. Let me try to explain. PE1 and PE2 belongs to ProviderA which is basically public Internet. PE3 and PE4 belongs to ProviderB which runs IPVPN private network.

CPE(1)-PE(1)---(Inertnet)----PE(2)--PE(3)-----------PE(4)-----CPE(2)

There is IPSec tunnel between CPE(1) to PE(1) and another IPSec tunnel between PE(1) to PE(3) which is not transparent to customer. Now customer wants to run GRE between CPE1 and CPE2. Does anyone know how it can be done?

Edison Ortiz · ‎07-31-2008

You need to include the GRE in the IPSec ACL between CPE1<->PE1 and PE1<->PE3

Once CPE1 initiates the GRE tunnel, it will be captured by the IPSec as 'interesting' traffic from CPE1 to PE1.

PE1 will do the same towards PE3, however once it arrives to PE3, it won't be within IPSec towards PE4 with final destination in CPE2.

I believe, a much easier approach is configuring an IPSec between CPE1<->CPE2 and add GRE to the policy of that IPSec.

HTH,

__

Edison.

guruprasadr · ‎07-31-2008

HI, [Pls RATE all Informative POST]

Refer Link below for some sample configuration:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml

Configuring an IPSec between CPE1 < > CPE2 is the good approach too. Your traffic is secured end - to - end.

Pls RATE all Informative POST

Best Regards,

Guru Prasad R