No crypto debugs appear when trying to initiate the tunnel. IPSec worked before adding generic routing encapsulation (GRE) to the configuration.
To add GRE to a working IPSec configuration, follow these steps.
- Remove the crypto map from the interface.
- Create the tunnel interfaces.
ip address private_ip subnet_mask
tunnel source outside_interface_name
tunnel destination peer_address
- Modify the crypto access list as shown below.
access-list acl_name permit gre host tunnel_source_ip host peer_address
- Use routing protocol or configure a static route for the remote LAN with the next hop pointing to the tunnel interface.
- Reapply the crypto map to the physical interface and the tunnel interface.
For more information, including a sample configuration, see Configuring Router-to-Router IPSec (Pre-shared Keys) on GRE Tunnel with CBAC and NAT.
Cisco IOS Software Version
VPN Tunnel End Points