Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GRE over EasyVPN

I have a PIX 501 connecting to a VPN Concentrator via EasyVPN. That connection works fine, now I want to add a router running GRE.

I cannot get my GRE tunnels to come up. I have added the fixup pptp command and a static translation, translating the Easy VPN obtain address to the router's inside address however nothing seems to be working… Any suggestions can any one confirm that you can run GRE over Easy VPN?

4 REPLIES
Silver

Re: GRE over EasyVPN

I think if you are doing NEM mode then you should be able to do GRE over Ipsec.

But when EasyVPn is "client mode" , all networks from remote site gets PAT'ed before they are sent through IPsec.Therefore it may not work.

GRE tunnel destination should be reachable for GRE tunnel to work , therefore , in client mode the PAT can hide the tunnel source address of remote site .

Check what mode of EasyVPN is ?

HTH

Saju

Pls rate helpful posts

New Member

Re: GRE over EasyVPN

We are using client mode, I am told by the VPN guys they do not want to support NEM...

My goal is to create a routable piece of our network...

I'm beginning to think I need NEM mode or a traditional IPSEC tunnel...

Silver

Re: GRE over EasyVPN

I agree with you.

New Member

Re: GRE over EasyVPN

Yeah you can, but it's problematic in starting the tunnel or having it return on loss of VPN link. Shut both ends of the tunnel are down until the GRE connections on both ends of the link timeout on the firewall (sh conn) then unshut the remote end, then the central end together and you should be right. Like I say though - when the VPN drops and re-establishes you have to manually do it again - a solution I am searching for now.

243
Views
0
Helpful
4
Replies
CreatePlease login to create content