GRE over IPSEC w/ EIGRP

ubuntu_guy · ‎07-10-2010

I'm currently using ipsec vpn to connect my host location to remote sites. I'd like to be able to use EIGRP which will require gre. What I'm after is some interface addressing clarification. I'll start with some detail on the current config. The IP's are not my actual IP's.

Host router:
-----------------
GigabitEthernet0/1 LAN 201.0.99.1
Serial1/0 WAN 16.112.175.128

crypto isakmp key this-is-a-fake-key address 15.210.38.12

crypto map toRemote 2008 ipsec-isakmp
description to RemoteSiteA
set peer 15.210.38.12
set transform-set weak
match address 2008

Remote router:
----------------
Fastethernet0/1 LAN 201.0.28.1
Fastethernet0/0 WAN 15.210.38.12

crypto isakmp key this-is-a-fake-key address 16.112.175.128

crypto map toRemote 2008 ipsec-isakmp
description to Host
set peer 16.112.175.128
set transform-set weak
match address 120

Can I use the same LAN IP's for GRE?
for example
HostRouter#
conf t
tunnel0
ip address 201.0.99.1 255.255.255.0
tunnel source G0/1
tunnel destination 201.0.28.1 ###Should I use the WAN IP instead of LAN?

RemoteRouter#
conf t
tunnel0
ip address 201.0.28.1 255.255.255.0
tunnel source f0/0
tunnel destination 201.0.99.1 ###Should I use the WAN IP instead of LAN?

So the bottom line is this; will the above work, or will I need to create a new IP to assign the GRE interface?

Thanks very much for your help

Nagaraja Thanthry · ‎07-10-2010

Hello,

> Typically the tunnel destination is the WAN IP as that is routable while LAN is not

> I would suggest you using a seperate IP range for the tunnel and then include that range in your EIGRP configuration. So EIGRP can run over the tunnel interface

Hope this helps.

Regards,

NT