Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

GRE/IPSec tunnel

Hi,

Been playing with this for a while now and need a little help please...

RouterA----IPSec and GRE tunnel-----RouterB

Can you terminate an IPSec tunnel on the same physical interface as a GRE tunnel?

The GRE tunnel terminates on router Loopback interfaces at either end and has destination statements as being the far end IP address of the physical interface.

The IPSec peer statements also have the IP addresses of the far end physical interface.

IKE P1 is not even trying to establish despite IP connectivity being fine and crypto ACL's OK.

Without the GRE tunnel interface the IPSec works a treat.

Cheers

Ali

1 REPLY
Cisco Employee

Re: GRE/IPSec tunnel

Hi Ali,

Sometimes if you don't have the Crypto access-lists matching the tunnel interfaces like in the following example..

http://www.cisco.com/warp/public/707/ipsecgrenat.html

e.g: access-list 101 permit gre host 10.2.2.1 host 10.3.3.1

then you can see something similar, also doublecheck your routes..

e.g: ip route 10.3.3.0 255.255.255.0 Tunnel0

Also try no ip route-cache on the tunnel/physical interface for testing (only try this, if you are not running too much traffic through the router)

Hope this helps,

Aamir

-=-=-

102
Views
0
Helpful
1
Replies