We are configuring GRE-IPsec with OSPF. Without IPSEC configuration we are able to form OSPF neighbor realtionship across the two end of GRE tunnel. But when we apply "crypto map NAP" to tunnel interface OSPF is not getting formed.
Here is the configuration and similar configuration is on the other end ot the TUNNEL.
int tunnel 10
ip add 10.1.1.1
tunnel source s0/0
tunnel destination 10.2.1.2
crypto map NAP //** Crypto MAP applied **//
ip add 10.2.1.1 255.255.255.2.252
ip add 10.3.1.1 255.255.255.0
router ospf 10
network 10.3.1.0 0.0.0.255 a 0 // *** Ethernet subnet published ***//
network 10.1.1.0 0.0.0.255 a 0 // *** Tunnel subnet published ***//
access-list 110 permit ip any any
access-list 110 permit icmp any any
access-list 110 permit ospf any any
crypto isakmp policy 10
crypto isakmp key 0 cisco 10.2.1.2
crypto ipsec transform-set 10 trial esp-3des esp-sha-hmac
crypto map NAP 10 ipsec-isakmp
set peer 10.2.1.2
match address 110
set tranform-set trial
Please share the experience.
Any link of configuration example with GRE+IPSEC+OSPF on cisco.com?
Thanks in advance.
I can see 2 things that should be corrected in the configuration:
1. The crypto map should be applied to the s0/0 interface, NOT to the tunnel10 interface.
2. access-list 110 should specify the interesting traffic, but in the case of GRE over IPSec the interesting traffic is the following:
access-list 110 permit gre host 10.2.1.1 host 10.2.1.2
Of course, the configuration on the other side of the tunnel must be corrected as well, and it should be symmetrical to this, that is:
access-list 110 permit gre host 10.2.1.2 host 10.2.1.1