Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
423
Views
0
Helpful
6
Replies

GRE question

grimard_cisco
Level 1
Level 1

‎11-16-2005 10:52 AM - edited ‎03-03-2019 10:59 AM

Hi,

How do I permit GRE traffic to be redirected to an internal host ? I already add port 1723 redirection.

I have a 1841 router with IOS version 12.

Labels:
0 Helpful
6 Replies 6

Richard Burts
Hall of Fame
Hall of Fame

‎11-16-2005 11:35 AM

I am not sure that I understand the question. GRE packets are IP packets, they use GRE IP protocol type (protocol 47) instead of TCP or UDP IP protocols so they do not have the same type of port numbers.

If you can explain a bit more clearly what you are asking perhaps we can find a better answer.

HTH

Rick

HTH

Rick
0 Helpful

grimard_cisco
Level 1
Level 1
In response to Richard Burts

‎11-16-2005 12:31 PM

What I want to do is to have a client on the Internet to connect to a Microsoft PPTP server through the 1841 router.

MS documentation says they use TCP port 1743 and GRE.

I already redirected the TCP 1743 port to the internal PPTP server. What steps are needed to redirect GRE to this host ?

0 Helpful

jonathan.wilson
Level 1
Level 1
In response to grimard_cisco

‎11-21-2005 08:13 AM

Same process, but be sure (as Rick mentioned above) to specify protocol 47, not TCP or UDP. For instance

access-list 101 permit 47 any any

Regards

Jonathan Wilson

0 Helpful

grimard_cisco
Level 1
Level 1
In response to jonathan.wilson

‎11-21-2005 08:25 AM

When I try to apply this access list to the outside interface I loose Internet browsing.

Can I use ACL even though I use NAT ?

0 Helpful

rasoftware
Level 1
Level 1
In response to grimard_cisco

‎02-24-2006 08:08 AM

Dd you get this working? Im also trying to do something similar, as Proto 47 GRE is portless how do I get it through NAT?

Basically if it were IPSEC we use UDP4500 to encasulate the ESP but I dont see how this can be done with GRE?

Anyone?

0 Helpful

ekiriakos
Level 1
Level 1

‎02-24-2006 08:57 AM

I had exactly the same requirement. Here is a configuration that works. These are only the relevant bits of the config to this question. Some of the outbound acl entries are redundant as it has permit ip any in the bottom, but you get the picture anyway.

interface Dialer1

ip access-group INBOUND in

ip access-group OUTBOUND out

ip nat inside source list NAT_LIST interface Dialer1 overload

ip nat inside source static 10.1.1.1 extendable

ip access-list extended INBOUND

evaluate MY_REFLECT

permit gre host any log

permit tcp host host eq 1723 log

ip access-list extended OUTBOUND

permit tcp any any reflect MY_REFLECT

permit udp any any reflect MY_REFLECT

permit icmp any any reflect MY_REFLECT

permit ip any any reflect MY_REFLECT

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card