
IPSec over GRE

gsebk
Level 1

Hi all!

I have found a few configuration examples for the GRE over IPSec on the /TAC website. It is tricky that in this case the crypto map has to be assigned for both the physical and the tunnel interfaces.

But as it can be seen on the following picture

http://www.olivetti.hu/csulok/ipsecogre.jpg

I need an IPSec over GRE. I have tried to configure the router that terminates both the GRE and the IPSec tunnel but without success. Could you provide me a draft guideline how to configure this router?

Cheers

Gabor

3 Replies

kmarrero
Level 4

The following link should help with the configuration of your IPSEC. http://www.cisco.com/warp/public/707/index.shtml#ipsec

ajagadee
Cisco Employee

Hi,

You can follow the below URL for the GRE/IPSec config:

http://www.cisco.com/warp/public/707/ipsec_gre.shtml

Regards,

Arul

b.mason
Level 1

Gabor,

If you are able to use a new IOS image such as 12.2(11)T or better 12.2(13)T you can utilise Cisco's new IPSec implementation.

So your configuration on the Cisco would look something like:

crypto isakmp policy 10
 encr 3des
 authentication pre-share
 lifetime 86000
!
crypto isakmp key some-secret-key address xxx.xxx.xxx.xxx
!
crypto ipsec transform-set trans-set1 esp-3des esp-sha-hmac
!
crypto ipsec profile policy1
 set transform-set trans-set1
!
interface Loopback1
 ip address yyy.yyy.yyy.yyy 255.255.255.255
!
interface Tunnel1
 ip address 192.168.111.222 255.255.255.252
 ip access-group Tunnel-IPSec-out out
 ip mtu 1476
 ip route-cache flow
 ip ospf message-digest-key 1 md5 7
 ip ospf cost 100
 tunnel source Loopback1
 tunnel destination xxxx.xxxx.xxxx.xxxx
 tunnel protection ipsec profile policy1

Where xxxx.xxxx.xxxx.xxxx is the external remote IP address and yyyy.yyyy.yyyy.yyyy is the local external IP address. This setup does not require the crypto map to be applied to any interfaces. This will basically create a GRE tunnel between the 2 routers and then protect the GRE tunnels with IPSec.

If you need any further assistance feel free to email me.

- Brett
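
An offline check for the configuration style in the last reply, added here as an example (it is not code from the thread or from Cisco): it verifies that each Tunnel interface's "tunnel protection ipsec profile" resolves to a defined profile and transform-set, and flags DES, 3DES and null transforms. The function name audit, the 203.0.113.2 address and the requirement that the input is indented as in show running-config output are assumptions of this example.

```python
# Constructed sample: the reply's crypto config, indented, documentation-range peer.
SAMPLE = """\
crypto isakmp policy 10
 encr 3des
!
crypto ipsec transform-set trans-set1 esp-3des esp-sha-hmac
!
crypto ipsec profile policy1
 set transform-set trans-set1
!
interface Tunnel1
 tunnel destination 203.0.113.2
 tunnel protection ipsec profile policy1
"""

WEAK = {"des", "3des", "esp-des", "esp-3des", "esp-null"}  # transforms to flag

def audit(config):
    """Return findings for an IOS 'tunnel protection' configuration."""
    tsets, profiles, tunnels, findings, section = {}, {}, {}, [], ""
    for raw in config.splitlines():
        words = raw.split()
        if not words:
            continue
        if not raw.startswith(" "):          # unindented line opens a new section
            section = " ".join(words)
            if words[:3] == ["crypto", "ipsec", "transform-set"]:
                tsets[words[3]] = words[4:]
            elif words[:3] == ["crypto", "ipsec", "profile"]:
                profiles[words[3]] = None
            elif words[0] == "interface" and words[-1].startswith("Tunnel"):
                tunnels[words[-1]] = None    # no protection seen yet
        elif section.startswith("crypto isakmp policy") and words[0] in ("encr", "encryption"):
            if words[-1] in WEAK:
                findings.append(f"{section}: weak IKE cipher {words[-1]}")
        elif section.startswith("crypto ipsec profile") and words[:2] == ["set", "transform-set"]:
            profiles[section.split()[3]] = words[2]
        elif section.startswith("interface Tunnel") and words[:4] == ["tunnel", "protection", "ipsec", "profile"]:
            tunnels[section.split()[1]] = words[4]
    for name, algs in tsets.items():
        findings += [f"transform-set {name}: weak transform {a}" for a in algs if a in WEAK]
    for iface, prof in tunnels.items():
        if prof is None:
            findings.append(f"{iface}: no tunnel protection, GRE payload is sent unencrypted")
        elif prof not in profiles:
            findings.append(f"{iface}: IPsec profile {prof} is not defined")
        elif profiles[prof] not in tsets:
            findings.append(f"{iface}: profile {prof} references undefined transform-set {profiles[prof]}")
    return findings
```

On the sample, audit(SAMPLE) reports the 3DES IKE cipher and the esp-3des transform and finds the profile chain intact.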