
New Member

GRE through PIX

Hi,

I want to run GRE between two routers. The diagram is as such:

-------------IPSec----------------------

3640-------------PIX------------------------------------2600---------

10.1.1.252 117.17.36.217 117.17.34.230 10.1.5.251

On the PIX, the configuration is:

static (inside,outside) 117.17.36.217 10.1.1.252 netmask 255.255.255.255 0 0

conduit permit gre host 117.17.36.217 host 117.17.34.230

conduit permit gre host 117.17.34.230 host 117.17.36.217

On the 2600:

ip nat inside source route-map nonat interface Serial0/0.1 overload

route-map nonat permit 10

match ip address 130

access-list 130 deny ip 10.1.5.0 0.0.0.255 10.0.0.0 0.255.255.255

access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 (crypto access-list)

interface Tunnel1

ip address 192.168.100.1 255.255.255.0

tunnel source 117.17.34.230

tunnel destination 117.17.36.217

On the 3640:

interface Tunnel1

ip address 192.168.100.2 255.255.255.0

tunnel source 10.1.1.252

tunnel destination 117.17.34.230

IPSec between the PIX and 2600 is running fine. The networks behind the PIX and 2600 are NAT-ed.

The IP for the tunnel on the PIX is unique (no PAT).

I cannot ping through the tunnel. What's wrong with this?

Shouldn't the tunnel packets be excluded from IPSec encryption?

I appreciate any input; thanks

1 REPLY
Cisco Employee

Re: GRE through PIX

Here is a sample config you can use as a template to check:

Configuring IPSec/GRE with NAT through PIX

http://www.cisco.com/warp/public/707/ipsecgrenat.html

HTH

R/Yusuf
