GRE through PIX

pax_2111
Level 1

Hi,

I want to run GRE between two routers. The diagram is as such:

                 -------------IPSec----------------------
3640-------------PIX------------------------------------2600---------
10.1.1.252       117.17.36.217             117.17.34.230 10.1.5.251

on the PIX, the configuration is:

static (inside,outside) 117.17.36.217 10.1.1.252 netmask 255.255.255.255 0 0
conduit permit gre host 117.17.36.217 host 117.17.34.230
conduit permit gre host 117.17.34.230 host 117.17.36.217

on the 2600:

ip nat inside source route-map nonat interface Serial0/0.1 overload
route-map nonat permit 10
 match ip address 130
access-list 130 deny ip 10.1.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 (crypto access-list)
interface Tunnel1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 117.17.34.230
 tunnel destination 117.17.36.217

on the 3640:

interface Tunnel1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 10.1.1.252
 tunnel destination 117.17.34.230

IPSec between the PIX and 2600 is running fine. The networks behind the PIX and 2600 are NAT-ed.

The IP for the tunnel on the PIX is unique (no PAT).

I cannot ping through the tunnel. What's wrong with this?

Shouldn't the tunnel packets be excluded from IPSec encryption?

I appreciate any input; thanks

1 Reply

yusuff
Cisco Employee

Here is a sample config you can use as a template to check:

Configuring IPSec/GRE with NAT through PIX

http://www.cisco.com/warp/public/707/ipsecgrenat.html

HTH

R/Yusuf
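
Added example, not written by either poster and not taken from the linked Cisco document: a small Python evaluator that applies Cisco wildcard-mask, first-match ACL logic to the two access-list lines posted for the 2600, to show which packets each list selects. The LAN host addresses 10.1.5.10 and 10.1.1.20 are constructed; the tunnel endpoints and ACL lines are as posted.

```python
import ipaddress

# ACL entries copied from the 2600 configuration in the question.
ACL_LINES = [
    "access-list 130 deny ip 10.1.5.0 0.0.0.255 10.0.0.0 0.255.255.255",  # route-map nonat
    "access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255",    # crypto access-list
]

def parse_acl(lines):
    """Group 'access-list N action proto src wildcard dst wildcard' entries by number."""
    acls = {}
    for line in lines:
        _, num, action, proto, src, swild, dst, dwild = line.split()
        acls.setdefault(int(num), []).append((action, proto, src, swild, dst, dwild))
    return acls

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard semantics: bits set in the wildcard are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def evaluate(acl, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, aproto, sbase, swild, dbase, dwild in acl:
        if aproto not in ("ip", proto):
            continue  # 'ip' in an ACL entry matches every IP protocol
        if wildcard_match(src, sbase, swild) and wildcard_match(dst, dbase, dwild):
            return action
    return "implicit deny"

ACLS = parse_acl(ACL_LINES)

# Packets as they leave the 2600. Tunnel endpoints are from the post;
# the two LAN host addresses are constructed for illustration.
PACKETS = {
    "GRE outer header": ("gre", "117.17.34.230", "117.17.36.217"),
    "LAN to LAN": ("icmp", "10.1.5.10", "10.1.1.20"),
}

def report():
    """Return {packet name: {ACL number: verdict}} for every sample packet."""
    return {name: {num: evaluate(acl, *pkt) for num, acl in ACLS.items()}
            for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for name, verdicts in report().items():
        print(f"{name}: ACL 102 -> {verdicts[102]}, ACL 130 -> {verdicts[130]}")
```

With the lines as posted, the GRE outer header between 117.17.34.230 and 117.17.36.217 matches no entry in access-list 102, while LAN-to-LAN traffic from 10.1.5.0/24 to 10.1.1.0/24 matches its permit entry.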
