04-12-2006 03:15 AM - edited 02-21-2020 02:21 PM
Hi there,
is it possible to make IPSec over GRE encapsulation with Cisco IOS?
All of CCO example configurations do GRE over IPSec.
But we have to do IPSec then GRE at the remote site and at the central site first router remove GRE header and another router terminate the IPSec connection.
R1 - R2 - WAN - R5
(central) (remote site)
R2-R5 GRE Tunnel
R1-R5 IPSec connection (inside)
Thanks for helping and best regards,
Istvan
04-14-2006 12:22 AM
Yes it is possible to do an ipsec tunnel inside a gre tunnel. You'll need to turn on the the command ip tcp adjust-mss on the interface that will be connecting to the R1 and R5 routers, otherwise you'll have problems with the ipsec tunnels not being able to pass data properly do to the aditional header size from the gre tunnel.
Please rate any posts that were helpful.
Patrick
04-14-2006 07:44 AM
Thanks, we succeed to do it. The crypto map was in the tunnel interface, and the source peer address was the physical interface's IP address.
Regards,
Istvan
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide