Cisco Support Community
Community Member

problem with ipsec in transport mode without gre tunnels

Hi, is it possible to have IPsec running in transport mode without having GRE tunnels?

here's my setup

subnet 10.1.1.0/24---R1----R2--- 10.1.2.0/24 subnet

R1's loopback int 0 has IP address 10.1.1.1/24, and R1's ethernet 0 has IP address x.x.x.1/24, connecting to x.x.x.2/24 on R2's ethernet 0. R2's loopback has IP address 10.1.2.1/24. Both routers have a default route pointing to each other. I have set the perfect isakmp policy between them using pre-shared keys, and the same transform set with mode transport. In the crypto map of R1 I have set peer to 1.1.1.2, and on R2 set peer to 1.1.1.1. On R1's crypto map match address I have set from 10.1.1.1 to 10.1.2.1, and on R2's crypto map match address I have set from 10.1.2.1 to 10.1.1.1. In the debug, the isakmp SA is established properly. The quick mode fails. However, if I set the mode to tunnel mode everything works fine. What is the problem in transport mode? Please help. Thank you in advance.

sebastan

1 REPLY
Silver

Re: problem with ipsec in transport mode without gre tunnels

When using GRE with IPsec, the keepalives are encrypted like any other traffic. As with user data packets, if the IKE and IPsec security associations are not already active on the GRE tunnel, the first GRE keepalive packet will trigger IKE/IPsec initialization.

If you enter only the keepalive command with no arguments, defaults for both arguments are used.

If you enter only the keepalive command and the timeout parameter, the default number of retries (3) is used.

If you enter the no keepalive command, keepalive packets are disabled on the interface.
