Cisco Support Community

New Member

GRE tunnel over L2L VPN in 9.x ASA

I am having trouble getting a GRE tunnel up over a VPN tunnel on a 5555X ASA. This worked in the past on a pre-8.3 OS but I have not been able to solve it in the 9.x environment. I am seeing the following error:

%ASA-3-106010: Deny inbound protocol 47 src

2 REPLIES
New Member

GRE tunnel over L2L VPN in 9.x ASA

Hi,

Make sure the outside-to-inside ACL is applied for GRE. I think the link below can help.

http://www.cisco.com/en/US/docs/security/asa/asa80/system/message/logmsgs.html

pranesh

Cisco Employee

GRE tunnel over L2L VPN in 9.x ASA

Hi,

The error may appear because GRE (protocol 47) cannot pass through a PAT (dynamic NAT) on the ASA. I would recommend configuring a static translation.

- Avoid nat statements with the 'any' keyword.

- For nat identity rules (self-translation), add the no-proxy-arp and route-lookup keywords.

- Verify there is a route for the destination.

Thanks,

Itzcoatl Espinosa
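
The NAT guidance in the reply above, sketched as ASA 9.x configuration. This is an added example, not part of the original thread and not posted by either replier; the addresses, object names and the inside/outside interface names are constructed assumptions.

```cisco
! Constructed example: 10.1.1.1 / 10.2.2.1, the object names and the
! interface names "inside" / "outside" are assumptions, not from the thread.
!
! GRE tunnel endpoints (the routers on each side of the L2L VPN)
object network GRE-LOCAL
 host 10.1.1.1
object network GRE-REMOTE
 host 10.2.2.1
!
! The kind of rule the reply advises against: dynamic PAT matching 'any',
! which would also match protocol 47, and GRE has no ports to translate.
!   nat (inside,outside) source dynamic any interface
!
! Identity (self-translation) rule scoped to the two GRE endpoints, with the
! no-proxy-arp and route-lookup keywords, placed at line 1 so it is evaluated
! before any broader dynamic rule.
nat (inside,outside) 1 source static GRE-LOCAL GRE-LOCAL destination static GRE-REMOTE GRE-REMOTE no-proxy-arp route-lookup
!
! Verification
! Rule order and hit counts for the NAT table:
show nat detail
! Confirm there is a route for the remote GRE endpoint:
show route
! Simulate a protocol-47 packet from the local to the remote endpoint and
! see which NAT rule, ACL and VPN phase it hits:
packet-tracer input inside rawip 10.1.1.1 47 10.2.2.1
```

The GRE endpoint pair must also be covered by the L2L tunnel's crypto ACL for the traffic to be encrypted; that part of the configuration is not shown in the thread.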
