Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
4
Replies

GRE over EasyVPN

JeffG1
Level 3
Level 3

‎10-03-2008 12:37 PM - edited ‎03-09-2019 09:36 PM

I have a PIX 501 connecting to a VPN Concentrator via EasyVPN. That connection works fine, now I want to add a router running GRE.

I cannot get my GRE tunnels to come up. I have added the fixup pptp command and a static translation, translating the Easy VPN obtain address to the router's inside address however nothing seems to be working… Any suggestions can any one confirm that you can run GRE over Easy VPN?

Labels:
0 Helpful
4 Replies 4

singhsaju
Level 4
Level 4

‎10-03-2008 12:45 PM

I think if you are doing NEM mode then you should be able to do GRE over Ipsec.

But when EasyVPn is "client mode" , all networks from remote site gets PAT'ed before they are sent through IPsec.Therefore it may not work.

GRE tunnel destination should be reachable for GRE tunnel to work , therefore , in client mode the PAT can hide the tunnel source address of remote site .

Check what mode of EasyVPN is ?

HTH

Saju

Pls rate helpful posts

0 Helpful

JeffG1
Level 3
Level 3
In response to singhsaju

‎10-03-2008 12:48 PM

We are using client mode, I am told by the VPN guys they do not want to support NEM...

My goal is to create a routable piece of our network...

I'm beginning to think I need NEM mode or a traditional IPSEC tunnel...

0 Helpful

singhsaju
Level 4
Level 4
In response to JeffG1

‎10-03-2008 12:49 PM

I agree with you.

0 Helpful

nickjacobs
Level 1
Level 1

‎11-06-2008 02:20 PM

Yeah you can, but it's problematic in starting the tunnel or having it return on loss of VPN link. Shut both ends of the tunnel are down until the GRE connections on both ends of the link timeout on the firewall (sh conn) then unshut the remote end, then the central end together and you should be right. Like I say though - when the VPN drops and re-establishes you have to manually do it again - a solution I am searching for now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents