Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

GRE question

Hi,

How do I permit GRE traffic to be redirected to an internal host ? I already add port 1723 redirection.

I have a 1841 router with IOS version 12.

6 REPLIES
Hall of Fame Super Silver

Re: GRE question

I am not sure that I understand the question. GRE packets are IP packets, they use GRE IP protocol type (protocol 47) instead of TCP or UDP IP protocols so they do not have the same type of port numbers.

If you can explain a bit more clearly what you are asking perhaps we can find a better answer.

HTH

Rick

New Member

Re: GRE question

What I want to do is to have a client on the Internet to connect to a Microsoft PPTP server through the 1841 router.

MS documentation says they use TCP port 1743 and GRE.

I already redirected the TCP 1743 port to the internal PPTP server. What steps are needed to redirect GRE to this host ?

New Member

Re: GRE question

Same process, but be sure (as Rick mentioned above) to specify protocol 47, not TCP or UDP. For instance

access-list 101 permit 47 any any

Regards

Jonathan Wilson

New Member

Re: GRE question

When I try to apply this access list to the outside interface I loose Internet browsing.

Can I use ACL even though I use NAT ?

New Member

Re: GRE question

Dd you get this working? Im also trying to do something similar, as Proto 47 GRE is portless how do I get it through NAT?

Basically if it were IPSEC we use UDP4500 to encasulate the ESP but I dont see how this can be done with GRE?

Anyone?

New Member

Re: GRE question

I had exactly the same requirement. Here is a configuration that works. These are only the relevant bits of the config to this question. Some of the outbound acl entries are redundant as it has permit ip any in the bottom, but you get the picture anyway.

interface Dialer1

ip access-group INBOUND in

ip access-group OUTBOUND out

ip nat inside source list NAT_LIST interface Dialer1 overload

ip nat inside source static 10.1.1.1 extendable

ip access-list extended INBOUND

evaluate MY_REFLECT

permit gre host any log

permit tcp host host eq 1723 log

ip access-list extended OUTBOUND

permit tcp any any reflect MY_REFLECT

permit udp any any reflect MY_REFLECT

permit icmp any any reflect MY_REFLECT

permit ip any any reflect MY_REFLECT

137
Views
0
Helpful
6
Replies
CreatePlease to create content