Cisco Support Community
Community Member

IPsec, transport mode and dynamic maps, Oh My!

I want to create a GRE tunnel from an remote IOS router to an IOS router located behind a PIX. GRE traffic originating from the remote router will be IPSec protected all the way to the PIX which will strip of the IPSec and let it continue to the GRE endpoint router behind the PIX.

In the past, when I have done this in an IOS router only environment I have used IPSec in transport mode to encrypt GRE packets between the public IPs of the routers. When I try to do something similar with the PIX I realized that the PIX will only support IPSec transport mode if I use dynamic crypto maps.

OK, no problem, but my IOS routers all have static public addresses. Will a dynamic map using an access-list of the IOS routers static public IPs work?

What about if I just use tunnel mode? Will there be a problem using tunnel mode when the access-lists specify specific hosts rather than subnets?

Do I have other options?



Community Member

Re: IPsec, transport mode and dynamic maps, Oh My!

I think this URL might give you a better idea

CreatePlease to create content