Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2049
Views
0
Helpful
1
Replies

GRE over IPsec, ASA and NAT-T

Go to solution
boban-petrovic
Level 1
Level 1

‎11-21-2011 06:18 AM - edited ‎02-21-2020 05:43 PM

I want to establish GRE over IPsec tunnel between four branch offices and head office. At branch offices, I have 1841 router with Advanced Security software. At head office, I have a ASA5510 7.2 as frontend with one public IP addres and 1841 router behind it in private address space. Since ASA is not supporting GRE tunnels, can ASA be endpoint for GRE over IPsec? If not, can ASA pass this tunnel to the 1841 router behind it, so 1841 would be logical tunnel endpoint? What should I pay attention? Should both ASA and every 1841 support NAT-T, or just ASA?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
andrew.prince
Level 10
Level 10

‎11-21-2011 06:57 AM

The ASA does not support GRE.

The router would be the GRE tunnel end point.  The ASA would be the endpoint for the IPSEC VPN.  NAT-T should not be a concern, if the ASA and the remote routers are directy connected to the internet.

HTH.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
andrew.prince
Level 10
Level 10

‎11-21-2011 06:57 AM

The ASA does not support GRE.

The router would be the GRE tunnel end point.  The ASA would be the endpoint for the IPSEC VPN.  NAT-T should not be a concern, if the ASA and the remote routers are directy connected to the internet.

HTH.

0 Helpful
Customers Also Viewed These Support Documents