cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
682
Views
0
Helpful
4
Replies

LAN-2-LAN IPSec - GRE or not?

fauresr
Level 1
Level 1

I need to setup Lan-to-Lan VPNs to between 3 routers. Each router has one interface on our public LAN and one int on a private 192.168 network.

I have sucessfully configured the first pair of routers, with an IPsec connection between R1 and R2. Trying to add a new IPsec connection between R2 and R3 has been a problem. It looks like I can only apply one crypto map on an interface.

When done, I need 3 IPsec connections, R1-R2, R2-R3 and R3-R1. What is the best way to do this? Do I need to use GRE tunnels and tunnel interfaces? Or is there a better way?

Thank you,

Remy

4 Replies 4

fauresr
Level 1
Level 1

I would like to add some information to my post above.

The current working config uses IPsec without GRE. It works fine between 2 routers.

My problem is how to expand this to more than 2 routers. The traffic will only be IP unicast, there is no NAT involved and no dynamic routing. If I can avoid GRE, it'd be easier.

Thank you,

Remy

sounds like you want to 2 remote sites to talk to each other. That would be a fully meshed IPSEC connection. I also included Hub in Spoke if you want it. If you want to pass RPs or broadcasts accross the IPSEC connection I would use GRE. If you are using unicast traffic I would use a non GRE IPSEC solution.

fully meshed

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a008014f8ab.shtml

hub and spoke

http://www.cisco.com/en/US/partner/tech/tk583/tk372/technologies_configuration_example09186a008009463b.shtml

Jay,

thanks for the links. The doc on the fully meshed configuration answered my question.

I had initially created 2 crypto maps, and only one could be bound to the interface. The document indicated how to combine two tunnels whithin a single crypto map. Problem is resolved.

Thanks again.

Remy

gwbryant
Level 1
Level 1

Have you considered dynamic multipoint vpn (DMPVN)?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: