GRE over IPSEC tunnel mode

sandevsingh · ‎04-16-2009

Hi, can GRE work over IPSEC tunnel mode? As IPSEC tunnel mode will encapsulate all the headers (GRE and IP) inside the outermost ESP IP header, then how will the GRE process know the tunnel end-points as they will be encrypted?

I was able to sucessfully configure GRE over IPSEC transport mode and everything worked fine. But i am not sure if GRE works fine with IPSEC tunnel mode?

Richard Burts · ‎04-16-2009

Sandev

GRE works fine with IPSec tunnel mode. The IPSec encapsulates the GRE packet, then sends the ESP packet to the VPN peer. The VPN peer deencapsulates the ESP packet, finds that the payload is a GRE packet, and processes the GRE packet as expected.

HTH

Rick

HTH

Rick

sandevsingh · ‎04-16-2009

Thanks, i configured this in a lab environment. I could see that my IPSEC tunnel is up. (Was able to check this by show crypto isakmp sa and show crypto ipsec sa), but somehow i was not able to ping my GRE tunnel endpoint. Both my tunnel endpoints are in the same subnet.

When i changed the mode to transport, it started pinging. Any idea why this is happening?

sdoremus33 · ‎04-20-2009

Could you post your config on this subject. Thanks

sandevsingh · ‎04-23-2009

Hi, thanks for your concern. It worked now.