Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPSec over GRE (not GRE over IPSec!)

Hi there,

is it possible to make IPSec over GRE encapsulation with Cisco IOS?

All of CCO example configurations do GRE over IPSec.

But we have to do IPSec then GRE at the remote site and at the central site first router remove GRE header and another router terminate the IPSec connection.

R1 - R2 - WAN - R5

(central) (remote site)

R2-R5 GRE Tunnel

R1-R5 IPSec connection (inside)

Thanks for helping and best regards,

Istvan

2 REPLIES

Re: IPSec over GRE (not GRE over IPSec!)

Yes it is possible to do an ipsec tunnel inside a gre tunnel. You'll need to turn on the the command ip tcp adjust-mss on the interface that will be connecting to the R1 and R5 routers, otherwise you'll have problems with the ipsec tunnels not being able to pass data properly do to the aditional header size from the gre tunnel.

Please rate any posts that were helpful.

Patrick

New Member

Re: IPSec over GRE (not GRE over IPSec!)

Thanks, we succeed to do it. The crypto map was in the tunnel interface, and the source peer address was the physical interface's IP address.

Regards,

Istvan

138
Views
5
Helpful
2
Replies
CreatePlease to create content