Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

GRE Tunnel ove IPSec

Hi,

Does anyone knows how to run GRE Tunnel over IPSec. The scenario is bit different. Let me try to explain. PE1 and PE2 belongs to ProviderA which is basically public Internet. PE3 and PE4 belongs to ProviderB which runs IPVPN private network.

CPE(1)-PE(1)---(Inertnet)----PE(2)--PE(3)-----------PE(4)-----CPE(2)

There is IPSec tunnel between CPE(1) to PE(1) and another IPSec tunnel between PE(1) to PE(3) which is not transparent to customer. Now customer wants to run GRE between CPE1 and CPE2. Does anyone know how it can be done?

2 REPLIES
Hall of Fame Super Bronze

Re: GRE Tunnel ove IPSec

You need to include the GRE in the IPSec ACL between CPE1<->PE1 and PE1<->PE3

Once CPE1 initiates the GRE tunnel, it will be captured by the IPSec as 'interesting' traffic from CPE1 to PE1.

PE1 will do the same towards PE3, however once it arrives to PE3, it won't be within IPSec towards PE4 with final destination in CPE2.

I believe, a much easier approach is configuring an IPSec between CPE1<->CPE2 and add GRE to the policy of that IPSec.

HTH,

__

Edison.

Re: GRE Tunnel ove IPSec

HI, [Pls RATE all Informative POST]

Refer Link below for some sample configuration:

http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a008009438e.shtml

Configuring an IPSec between CPE1 < > CPE2 is the good approach too. Your traffic is secured end - to - end.

Pls RATE all Informative POST

Best Regards,

Guru Prasad R

91
Views
0
Helpful
2
Replies