To configure Generic Routing Encapsulation (GRE) over an IPSec tunnel between two routers, perform these steps:
Create a tunnel interface (the IP address of tunnel interface on both routers must be in the same subnet), and configure a tunnel source and tunnel destination under tunnel interface configuration, as shown:
ip address 192.168.16.1 255.255.255.0
Configure isakmp policies, as shown:
crypto isakmp policy 1
Configure pre share keys, as shown:
crypto isakmp key cisco123 address (Remote outside interface IP with 32 bit subnet mask)
Configure crypto map and bind transform set and crypto Access Control List (ACL) to crypto map. Define peer IP address under crypto map, as shown:
crypto map vpn 10 ipsec-isakmp
set transform-set strong
match address 120
Bind crypto map to the physical (outside) interface if you are running Cisco IOS? Software Release 12.2.15 or later. If not, then the crypto map must be applied to the tunnel interface as well as the physical interace, as shown:
crypto map vpn
Configure Network Address Traslation (NAT) bypass if needed, as shown:
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...