Cisco Support Community
Community Member

Ipsec tunnel between 3640 and 3660


I am setting up a vpn between the above routers. I am using the VTI method with a tunnel interface. I have the tunnel up right now using the default GRE mode. Now I want to use ipsec, I have everything set up but need to turn on ipsec for the tunnel mode. This works on the 3640, however this option isn't listed in the 3660. Here is what I get doing a "tunnel mode ?"

aurp AURP TunnelTalk AppleTalk encapsulation

cayman Cayman TunnelTalk AppleTalk encapsulation

dvmrp DVMRP multicast tunnel

eon EON compatible CLNS tunnel

gre generic route encapsulation protocol

ipip IP over IP encapsulation

iptalk Apple IPTalk encapsulation

ipv6ip IPv6 over IP encapsulation

mpls MPLS encapsulations

nos IP over IP encapsulation (KA9Q/NOS compatible)

The second command I need:

"tunnel protection ipsec profile"

works on both routers, but the tunnel won't come back up because one side is gre and the other is ipsec.

The ios version of the 3660 is 12.3(17a)

The ios version of the 3640 is 12.4(3a)

thank you,


Re: Ipsec tunnel between 3640 and 3660

Wonder what feature set you have on the 3660. You will need IP Plus IPSec 3Des or Enterprise Plus IPSec 3DES image. You can upgrade the image and see if it works.

Or If both sides can do IPSec, you can probably do plain simple GRE over IPSec instead of VTI

Community Member

Re: Ipsec tunnel between 3640 and 3660


I thought I had the right feature set because I made an ipsec tunnel with a different method (crypto map applied to an interface) on the same router. I actually fixed it with an ios upgrade (new version same features). Maybe I had a buggy IOS? The gre tunnels do work, but I wanted something a little more secure.

thank you

CreatePlease to create content