I have two routers (C887VAG2 & ASR1006) connected point-to-point, I'm trying to configure ipsec but my phase 2 fails and the gre tunnel protocol remains down. I tried the tunnel protection on VTI's and the application of crypto map on the tunnel interface, when I apply the crypo map on tunnel interface I'm getting the below error message
% NOTE: crypto map is configured on tunnel interface.
Currently only GDOI crypto map is supported on tunnel interface.% NOTE: crypto map is configured on tunnel interface. Currently only GDOI crypto map is supported on tunnel interface.
I have attached the configs for both routers, there's no intermediate device.
- is it possible to get a document that explains what headers are added on the packet when vlan and ipsec is used?
- explanation of the difference between gre-over-ipsec vs ipsec-over-gre, the process as the packet enters the router gets encrypted then decrypted on the remote side.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...