GRE over EasyVPN

Unanswered Question
Oct 3rd, 2008
User Badges:

I have a PIX 501 connecting to a VPN Concentrator via EasyVPN. That connection works fine, now I want to add a router running GRE.

I cannot get my GRE tunnels to come up. I have added the fixup pptp command and a static translation, translating the Easy VPN obtain address to the router's inside address however nothing seems to be working… Any suggestions can any one confirm that you can run GRE over Easy VPN?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
singhsaju Fri, 10/03/2008 - 12:45
User Badges:
  • Silver, 250 points or more

I think if you are doing NEM mode then you should be able to do GRE over Ipsec.


But when EasyVPn is "client mode" , all networks from remote site gets PAT'ed before they are sent through IPsec.Therefore it may not work.


GRE tunnel destination should be reachable for GRE tunnel to work , therefore , in client mode the PAT can hide the tunnel source address of remote site .


Check what mode of EasyVPN is ?


HTH

Saju

Pls rate helpful posts

Jeff Garner Fri, 10/03/2008 - 12:48
User Badges:

We are using client mode, I am told by the VPN guys they do not want to support NEM...


My goal is to create a routable piece of our network...


I'm beginning to think I need NEM mode or a traditional IPSEC tunnel...

nickjacobs Thu, 11/06/2008 - 14:20
User Badges:

Yeah you can, but it's problematic in starting the tunnel or having it return on loss of VPN link. Shut both ends of the tunnel are down until the GRE connections on both ends of the link timeout on the firewall (sh conn) then unshut the remote end, then the central end together and you should be right. Like I say though - when the VPN drops and re-establishes you have to manually do it again - a solution I am searching for now.

Actions

This Discussion