Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

GRE over IPSEC w/ EIGRP


I'm currently using ipsec vpn to connect my host location to remote sites. I'd like to be able to use EIGRP which will require gre. What I'm after is some interface addressing clarification. I'll start with some detail on the current config. The IP's are not my actual IP's.

Host router:
-----------------
GigabitEthernet0/1   LAN      201.0.99.1
Serial1/0            WAN     16.112.175.128

crypto isakmp key this-is-a-fake-key address 15.210.38.12

crypto map toRemote 2008 ipsec-isakmp
description to RemoteSiteA
set peer 15.210.38.12
set transform-set weak
match address 2008

Remote router:
----------------
Fastethernet0/1      LAN      201.0.28.1
Fastethernet0/0      WAN      15.210.38.12

crypto isakmp key this-is-a-fake-key address 16.112.175.128

crypto map toRemote 2008 ipsec-isakmp
description to Host
set peer 16.112.175.128
set transform-set weak
match address 120

Can I use the same LAN IP's for GRE?
for example
HostRouter#
conf t
tunnel0
ip address 201.0.99.1 255.255.255.0
tunnel source G0/1
tunnel destination 201.0.28.1 ###Should I use the WAN IP instead of LAN?


RemoteRouter#
conf t
tunnel0
ip address 201.0.28.1 255.255.255.0
tunnel source f0/0
tunnel destination 201.0.99.1 ###Should I use the WAN IP instead of LAN?

So the bottom line is this; will the above work, or will I need to create a new IP to assign the GRE interface?

Thanks very much for your help

1 REPLY
Cisco Employee

Re: GRE over IPSEC w/ EIGRP

Hello,

> Typically the tunnel destination is the WAN IP as that is routable while LAN is not

> I would suggest you using a seperate IP range for the tunnel and then include that range in your EIGRP configuration. So EIGRP can run over the tunnel interface

Hope this helps.

Regards,

NT

159
Views
0
Helpful
1
Replies
CreatePlease to create content