Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
236
Views
0
Helpful
1
Replies

GRE/IPSec tunnel

ali-franks
Level 1
Level 1

‎04-22-2003 03:05 AM - edited ‎02-21-2020 12:29 PM

Hi,

Been playing with this for a while now and need a little help please...

RouterA----IPSec and GRE tunnel-----RouterB

Can you terminate an IPSec tunnel on the same physical interface as a GRE tunnel?

The GRE tunnel terminates on router Loopback interfaces at either end and has destination statements as being the far end IP address of the physical interface.

The IPSec peer statements also have the IP addresses of the far end physical interface.

IKE P1 is not even trying to establish despite IP connectivity being fine and crypto ACL's OK.

Without the GRE tunnel interface the IPSec works a treat.

Cheers

Ali

Labels:
0 Helpful
1 Reply 1

awaheed
Cisco Employee
Cisco Employee

‎05-02-2003 02:15 PM

Hi Ali,

Sometimes if you don't have the Crypto access-lists matching the tunnel interfaces like in the following example..

http://www.cisco.com/warp/public/707/ipsecgrenat.html

e.g: access-list 101 permit gre host 10.2.2.1 host 10.3.3.1

then you can see something similar, also doublecheck your routes..

e.g: ip route 10.3.3.0 255.255.255.0 Tunnel0

Also try no ip route-cache on the tunnel/physical interface for testing (only try this, if you are not running too much traffic through the router)

Hope this helps,

Aamir

-=-=-

0 Helpful
Customers Also Viewed These Support Documents