I am trying to create GRE tunnels over IPSec using an ASA 5510. Before our company purchased the appliance, we were told that the 5510 does support GRE and that configuration can be done on it to create the tunnel. I have been searching around the net for information on how to create the tunnels, but so far I have not gathered much information. Does anyone know whether the 5510 does indeed support GRE/IPSEC tunnels, and whether any resources are available on how to configure them?
Tan, PIX/ASA does support GRE, but as a pass-through; today I am not aware that you can terminate a GRE tunnel on PIX/ASA. The solution would probably be to terminate the tunnel on another Cisco device other than the ASA but let GRE pass through. You could also consider an L2L VPN.
Thanks for the reply. I am still not sure how to configure it, and perhaps you can provide some insight into it.
3800 Router <---> ASA 5510 <---> DMZ server
The setup of the infrastructure is as above, and an IPSEC/GRE tunnel needs to be established in order for the DMZ server to communicate with other machines on the Internet. I do not know how to configure the tunnel at all, and I had all along presumed that the ASA would be the termination point for the tunnel. Can you provide some insight on how to get the tunnel up and running with such a design?
Many thanks for your help and Happy New Year to you.
I think the portion on the switch and server should not be an issue at all. However, if I initiate the GRE tunnel from the 3800 router, will it flow through the ASA 5510 to the server itself? I am still very blurred on this and some other areas, and any help on the matter is greatly appreciated.
This might do what you need. It can be built outside of the PIX and ASA. It can be a little tricky to understand, but once you get it you will like it. We use it for high availability in our email. We have 2 front-end servers, one in our corporate office and one in our data center; no matter which server is being used we always have connectivity, and it is done through the pseudowire in the L2TP config setup. It is a little more complex than the generic routing, GRE, but still might provide what you are looking for.