Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

IOS VPN with GRE tunnel to Netscreen 500


I am trying to configure a VPN from a 1841 to Netscreen 500 and then running a GRE tunnel between the 2 for use with OSPF.

I have never configured a VPN on a IOS router before and am having problems with Phase 2 failing.

Can anyone point me in the direction of some good documentation for configuring IOS based VPN with GRE. I have found some documenation for configuring a PIX to Netscreen but this is using policy based VPN's and not route based which is what im trying to configure

Many Thanks


Re: IOS VPN with GRE tunnel to Netscreen 500


Here is a basic IOS configuration for encrypting a GRE tunnel.

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key secret-key address x.x.x.x


crypto ipsec transform-set VPNSet esp-3des esp-md5-hmac

mode transport


crypto map CryptoMap 1 ipsec-isakmp

set peer

set transform-set VPNsSet

match address 101


interface Serial0

crypto map CryptoMap



access-list 101 permit gre any any

int t0

ip mtu 1416

ip addr

tunnel source ! These addresses need to be globally

tunnel dest ! routable

Router ospf 1

network area 0

The way this works is that the OSFP process provides routing across the GRE tunnel. So packets that need to get to the remote network have the next hop set to that of the remote tunnel endpoint. They get encapsulated by GRE, then the crypto ACL 101 matches the GRE packets and they get encrypted.

Hope this helps,