Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1424
Views
0
Helpful
6
Replies

IPSEC GRE Tunnel

saquib.nawazz
Level 1
Level 1

‎08-01-2009 12:31 PM - edited ‎03-04-2019 05:37 AM

Router-to-Router IPsec (Pre-shared Keys) GRE Tunnel

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

Edge Router have multiple IPSEC Tunnel,can a route be filtered before it passes another tunnel or to the backbone from the EDGE Router.

Labels:
0 Helpful
6 Replies 6

paolo bevilacqua
Hall of Fame
Hall of Fame

‎08-01-2009 03:42 PM

Depends on the routing protocol. Eg. OSPF only certain filtering is possible.

0 Helpful

saquib.nawazz
Level 1
Level 1
In response to paolo bevilacqua

‎08-01-2009 10:13 PM

The Routing Protcol is OSPF.

All IPSEC GRE Tunnel are terminating on the same Router, where the filter will be applied.

Can get some sample configuration.

0 Helpful

saquib.nawazz
Level 1
Level 1
In response to saquib.nawazz

‎08-03-2009 06:29 AM

Any helpful input.

0 Helpful

Istvan_Rabai
Level 7
Level 7
In response to saquib.nawazz

‎08-03-2009 08:47 AM

Hi Saquib,

With GRE over IPSec tunnels, the Tunnel interface (like Tunnel0 in your example) is used to pass routing protocol updates and traffic.

The Tunnel interface is used very much the same way as a normal interface from routing protocol filtering or summarization point of view.

So do your route filtering as usual, except that filtering or summarization must be configured using the respective Tunnel interface when required by the command you use.

Cheers:

Istvan

0 Helpful

saquib.nawazz
Level 1
Level 1
In response to Istvan_Rabai

‎08-04-2009 03:03 AM

I am so far not able to search for sample configuration on filtering traffic with IPSEC GRE scenario.

Anyone aware of similar link.

0 Helpful

slmansfield
Level 4
Level 4
In response to saquib.nawazz

‎08-04-2009 07:18 AM

If your edge router is an Area Border Router and each tunnel is in a different OSPF area, you can filter type 3 LSAs between areas on the edge router using several techniques, the most flexible of which is the "area x filter-list prefix-name [in | out ]".

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11at3f.html

If the tunnels are not in distinct OSPF areas, you may want to use a different routing protocol, such as EIGRP, over the tunnels, where you could use distribute-lists on the edge router to filter traffic between the tunnels.

If you need to use OSPF over the WAN, you could set up the OSPF area associated with the WAN as a totally stubby area. Assuming the edge router is an ABR, it will advertise just a default route to the remote sites. The routes advertised to the edge router from the remote sites can be filtered with the "area x filter-list" before they enter the OSPF backbone.

HTH

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card