Hi,
I want to run GRE between two routers. The diagram is as such:

                 -------------IPSec----------------------
3640-------------PIX------------------------------------2600---------
10.1.1.252   117.17.36.217                  117.17.34.230   10.1.5.251

On the PIX, the configuration is:

static (inside,outside) 117.17.36.217 10.1.1.252 netmask 255.255.255.255 0 0
conduit permit gre host 117.17.36.217 host 117.17.34.230
conduit permit gre host 117.17.34.230 host 117.17.36.217

On the 2600:

ip nat inside source route-map nonat interface Serial0/0.1 overload
route-map nonat permit 10
 match ip address 130
access-list 130 deny ip 10.1.5.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 102 permit ip 10.1.5.0 0.0.0.255 10.1.1.0 0.0.0.255 (crypto access-list)
interface Tunnel1
 ip address 192.168.100.1 255.255.255.0
 tunnel source 117.17.34.230
 tunnel destination 117.17.36.217

On the 3640:

interface Tunnel1
 ip address 192.168.100.2 255.255.255.0
 tunnel source 10.1.1.252
 tunnel destination 117.17.34.230

IPSec between the PIX and 2600 is running fine. The networks behind the PIX and 2600 are NAT-ed.
The IP for the tunnel on the PIX is unique (no PAT).
I cannot ping through the tunnel. What's wrong with this?
Shouldn't the tunnel packets be excluded from IPSec encryption?
I appreciate any input; thanks