Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
416
Views
5
Helpful
2
Replies

IPSec over GRE (not GRE over IPSec!)

iszlavik
Level 1
Level 1

‎04-12-2006 03:15 AM - edited ‎02-21-2020 02:21 PM

Hi there,

is it possible to make IPSec over GRE encapsulation with Cisco IOS?

All of CCO example configurations do GRE over IPSec.

But we have to do IPSec then GRE at the remote site and at the central site first router remove GRE header and another router terminate the IPSec connection.

R1 - R2 - WAN - R5

(central) (remote site)

R2-R5 GRE Tunnel

R1-R5 IPSec connection (inside)

Thanks for helping and best regards,

Istvan

Labels:
0 Helpful
2 Replies 2

Patrick Laidlaw
Level 4
Level 4

‎04-14-2006 12:22 AM

Yes it is possible to do an ipsec tunnel inside a gre tunnel. You'll need to turn on the the command ip tcp adjust-mss on the interface that will be connecting to the R1 and R5 routers, otherwise you'll have problems with the ipsec tunnels not being able to pass data properly do to the aditional header size from the gre tunnel.

Please rate any posts that were helpful.

Patrick

iszlavik
Level 1
Level 1
In response to Patrick Laidlaw

‎04-14-2006 07:44 AM

Thanks, we succeed to do it. The crypto map was in the tunnel interface, and the source peer address was the physical interface's IP address.

Regards,

Istvan

0 Helpful
Customers Also Viewed These Support Documents