GRE over IPSEC problem

siddindia · ‎01-28-2009

i've configured GRE tunnel over IPSEC between two routers on leased line.Tunnel shows port and protocol UP on both of routers but when i'm using command on CLI of router "show session interface tunnel 0", it will give "SESSION STATUS:DOWN" and also unable to see encryption/decryption.

Kindly tell me right solution.

Ivan Martinon · ‎01-28-2009

First:

crypto map VPN-IND 10 is missing the transform set:

it should look like this:

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.2

match address 101

set transform-set BSF_CISCO

Go ahead and take off the crypto map from the Tunnel0 interface, you only need it on the physical interface on new versions.

Same on the other router:

Missing transform set

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.1

match address 10

set transform-set...<-----HERE

!

crypto map VPN-IND 10 ipsec-isakmp

set peer 10.10.106.1

match address 10

set transform-set BSF_CISCO

Remove the crypto map from the Tunnel0 as well and force the tunnel renegotiation.

dominic.caron · ‎01-28-2009

In your crypto-map, you need to set the transform to use with the tunnel.

siddindia · ‎01-28-2009

How can we use transform with tunnel.kindly specify me with example for clear concept for me.

Ivan Martinon · ‎01-28-2009

you need to go to the crypto map mode by typing:

crypto map seqNO

set transform-set

I pasted the way it should look on my first post.