Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSec over GRE

Hi all!

I have found a few configuration examples for the GRE over IPSec on the /TAC website. It is tricky that in this case the crypto map has to be assigned for both the physical and the tunnel interfaces.

But as it can be seen on the following picture

http://www.olivetti.hu/csulok/ipsecogre.jpg

I need an IPSec over GRE. I have tried to configure the router that terminates both the GRE and the IPSec tunnel but without success. Could you provide me a draft guideline how to configure this router.

Cheers

Gabor

3 REPLIES
Bronze

Re: IPSec over GRE

The following link should help with the configuration of your IPSEC. http://www.cisco.com/warp/public/707/index.shtml#ipsec

Cisco Employee

Re: IPSec over GRE

Hi,

You can follow the below URL the GRE/IPSec config:

http://www.cisco.com/warp/public/707/ipsec_gre.shtml

Regards,

Arul

New Member

Re: IPSec over GRE

Gabor,

If you are able to use a new IOS image such as 12.2(11)T or better 12.2(13)T you can utilise Cisco's new IPSec implementation.

So your configuration on the Cisco would look something like:

crypto isakmp policy 10

encr 3des

authentication pre-share

lifetime 86000

!

crypto isakmp key some-secret-key address xxx.xxx.xxx.xxx

!

crypto ipsec transform-set trans-set1 esp-3des esp-sha-hmac

!

crypto ipsec profile policy1

set transform-set trans-set1

!

interface Loopback1

ip address yyy.yyy.yyy.yyy 255.255.255.255

!

interface Tunnel1

ip address 192.168.111.222 255.255.255.252

ip access-group Tunnel-IPSec-out out

ip mtu 1476

ip route-cache flow

ip ospf message-digest-key 1 md5 7

ip ospf cost 100

tunnel source Loopback1

tunnel destination xxxx.xxxx.xxxx.xxxx

tunnel protection ipsec profile policy1

Where xxxx.xxxx.xxxx.xxxx is the external remote IP address and yyyy.yyyy.yyyy.yyyy is the local external IP address. This setup does not require the crypto map to be applied to any interfaces. This will basically create a GRE tunnel between the 2 routers and then protect the GRE tunnels with IPSec.

If you need any further assistance feel free to email me.

- Brett

156
Views
0
Helpful
3
Replies
CreatePlease to create content