Issues while using mGRE and p2p GRE tunnel with vpn spa on 6500

Unanswered Question
Jul 21st, 2009
User Badges:

Have a 6500 using the vpn spa with ipsec tunnels. The plan is to migrate all tunnels over to DMVPN. When we configured the mGRE tunnel and bring it up, all the other tunnels slowly drop. As soon as we shutdown the mGRE tunnel, all other tunnels come up. We have a tunnel key set for the mGRE tunnel. The only limitations I could find were that we only source 1 mGRE tunnel from an interface, I could not find anything about sharing and interface with p3p tunnels. Anyone know if it is possible to source an mGRE tunnel and p3p tunnel from the same interface?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Ivan Martinon Tue, 07/21/2009 - 07:16
User Badges:
  • Cisco Employee,

If you are going to use the same shared interface for both mgre and p2p GRE tunnels you need to use the "shared" on the tunnel protection command keyword on all the tunnels.

Interface tunnel XXXX

tunnel protection ipsec profile ZZZZZ shared

jbest1028 Sun, 07/26/2009 - 16:39
User Badges:

Don't think that is supported on the 6500, that command was introduced in 12.4.15T.

Ivan Martinon Tue, 07/28/2009 - 12:58
User Badges:
  • Cisco Employee,

You got me in there, apologies for that, I have been researching about this and it seems there is no way around for this and instead you need to define separate interfaces.


This Discussion