07-30-2008 11:03 PM - edited 03-03-2019 10:58 PM
Hi,
Does anyone knows how to run GRE Tunnel over IPSec. The scenario is bit different. Let me try to explain. PE1 and PE2 belongs to ProviderA which is basically public Internet. PE3 and PE4 belongs to ProviderB which runs IPVPN private network.
CPE(1)-PE(1)---(Inertnet)----PE(2)--PE(3)-----------PE(4)-----CPE(2)
There is IPSec tunnel between CPE(1) to PE(1) and another IPSec tunnel between PE(1) to PE(3) which is not transparent to customer. Now customer wants to run GRE between CPE1 and CPE2. Does anyone know how it can be done?
07-31-2008 05:37 AM
You need to include the GRE in the IPSec ACL between CPE1<->PE1 and PE1<->PE3
Once CPE1 initiates the GRE tunnel, it will be captured by the IPSec as 'interesting' traffic from CPE1 to PE1.
PE1 will do the same towards PE3, however once it arrives to PE3, it won't be within IPSec towards PE4 with final destination in CPE2.
I believe, a much easier approach is configuring an IPSec between CPE1<->CPE2 and add GRE to the policy of that IPSec.
HTH,
__
Edison.
07-31-2008 07:33 AM
HI, [Pls RATE all Informative POST]
Refer Link below for some sample configuration:
http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml
Configuring an IPSec between CPE1 < > CPE2 is the good approach too. Your traffic is secured end - to - end.
Pls RATE all Informative POST
Best Regards,
Guru Prasad R
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide