Cisco Support Community

IOS VPN with GRE tunnel to Netscreen 500

Hi,

I am trying to configure a VPN from an 1841 to a Netscreen 500 and then run a GRE tunnel between the 2 for use with OSPF.

I have never configured a VPN on an IOS router before and am having problems with Phase 2 failing.

Can anyone point me in the direction of some good documentation for configuring IOS-based VPN with GRE? I have found some documentation for configuring a PIX to Netscreen, but this is using policy-based VPNs and not route-based, which is what I'm trying to configure.

Many Thanks


Re: IOS VPN with GRE tunnel to Netscreen 500

Hi,

Here is a basic IOS configuration for encrypting a GRE tunnel.

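! IKE (phase 1) policy
crypto isakmp policy 1
 encr 3des
 hash md5
 authentication pre-share
 group 2
! Pre-shared key for the remote peer
crypto isakmp key secret-key address x.x.x.x
!
! IPsec (phase 2) transform set, transport mode
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
 mode transport
!
! The transform-set name here must match the one defined above
crypto map CryptoMap 1 ipsec-isakmp
 set peer 1.2.3.4
 set transform-set VPNSet
 match address 101
!
! Apply the crypto map to the outside interface
interface Serial0
 crypto map CryptoMap
!
! Crypto ACL: select GRE packets for encryption
access-list 101 permit gre any any
!
! GRE tunnel interface
int t0
 ip mtu 1416
 ip addr 10.1.1.1 255.255.255.0
 tunnel source ! These addresses need to be globally
 tunnel dest ! routable
!
! OSPF runs over the tunnel subnet
router ospf 1
 network 10.1.1.0 0.0.0.255 area 0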

The way this works is that the OSPF process provides routing across the GRE tunnel. So packets that need to get to the remote network have the next hop set to that of the remote tunnel endpoint. They get encapsulated by GRE, then the crypto ACL 101 matches the GRE packets and they get encrypted.

Hope this helps,

Andy
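
A check for the cross-references that the configuration in the reply above depends on (crypto map to transform set, crypto ACL, peer key and interface), as an added example that is not part of the original post. The function name, the sample configuration and its 192.0.2.1 address are constructed for illustration; only numbered ACLs and per-address pre-shared keys are recognised, and names are compared case-sensitively as an assumption.

```python
import re

# Constructed sample modelled on the reply's configuration (not a real device);
# the peer address is a documentation-range placeholder.
SAMPLE_CONFIG = """\
crypto isakmp key secret-key address 192.0.2.1
crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac
 mode transport
crypto map CryptoMap 1 ipsec-isakmp
 set peer 192.0.2.1
 set transform-set VPNsSet
 match address 101
interface Serial0
 crypto map CryptoMap
access-list 101 permit gre any any
"""

def lint_crypto_refs(config):
    """Return findings for crypto map references that do not resolve."""
    tsets, acls, keyed, applied = set(), set(), set(), set()
    entries = {}   # "NAME SEQ" -> {"peer": [...], "tset": [...], "acl": [...]}
    cur = None     # crypto map entry currently being configured
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"crypto map (\S+) (\d+) ipsec-isakmp", line):
            cur = entries.setdefault(f"{m[1]} {m[2]}", {"peer": [], "tset": [], "acl": []})
        elif m := re.fullmatch(r"crypto map (\S+)", line):
            applied.add(m[1])              # interface sub-command: map is attached
        elif m := re.match(r"crypto ipsec transform-set (\S+)", line):
            tsets.add(m[1])
        elif m := re.match(r"crypto isakmp key \S+ address (\S+)", line):
            keyed.add(m[1])
        elif m := re.match(r"access-list (\S+)", line):
            acls.add(m[1])
        elif cur is not None and (m := re.fullmatch(r"set peer (\S+)", line)):
            cur["peer"].append(m[1])
        elif cur is not None and (m := re.match(r"set transform-set (.+)", line)):
            cur["tset"] += m[1].split()    # several transform sets may be listed
        elif cur is not None and (m := re.fullmatch(r"match address (\S+)", line)):
            cur["acl"].append(m[1])
    findings = []
    for name, e in entries.items():
        findings += [f"{name}: transform set '{t}' is not defined" for t in e["tset"] if t not in tsets]
        findings += [f"{name}: ACL '{a}' is not defined" for a in e["acl"] if a not in acls]
        findings += [f"{name}: no pre-shared key for peer {p}" for p in e["peer"] if p not in keyed]
        if name.split()[0] not in applied:
            findings.append(f"{name}: crypto map is not applied to any interface")
    return findings

if __name__ == "__main__":
    print(*lint_crypto_refs(SAMPLE_CONFIG), sep="\n")
```
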
