Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Passing GRE traffic across ASA

Hi,

I have an enviroment where I do need to pass the GRE traffic between two routers, the ASA-5510 is in between them.

Your help is appreciated. Sending a URL for similar setup, is great.

Sami

2 REPLIES

Re: Passing GRE traffic across ASA

Hi,

Have you tried adding a static NAT for the router's external interface which is located behind the inside interface of the ASA ?

Example .. let's say the router which is behind the inside (higher priority) interface of the ASA is 10.10.10.10 then you could add a static as below

static (inside,outside) 10.10.10.10 10.10.10.10 mask 255.255.255.255

Note: the above assumes that the second router is behind the outside interface (lower priority) of the ASA and that the second router knows how to reach 10.10.10.10. Obviously 10.10.10.10 should also know how to get to the second router.

next you will need to allow GRE on both interfaces.

access-list inside-out permit GRE host 10.10.10.10 host

access-list outside-in permit GRE host host 10.10.10.10

access-group inside-out in interface inside

access-group outside-in in interface outside

Give it a try ..

I hope it helps .. please rate it if it does !!!

New Member

Re: Passing GRE traffic across ASA

Your input was helpful, but I have made some more reading to complete the config. This URL was quite helpful, but it may need User ID and PW.

http://www.securityie.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=4;t=000456

Thank you.

185
Views
0
Helpful
2
Replies