Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

IPSEC GRE Tunnel

Router-to-Router IPsec (Pre-shared Keys) GRE Tunnel

http://www.cisco.com/en/US/tech/tk827/tk369/technologies_configuration_example09186a00800946b8.shtml

Edge Router have multiple IPSEC Tunnel,can a route be filtered before it passes another tunnel or to the backbone from the EDGE Router.

6 REPLIES
Hall of Fame Super Gold

Re: IPSEC GRE Tunnel

Depends on the routing protocol. Eg. OSPF only certain filtering is possible.

New Member

Re: IPSEC GRE Tunnel

The Routing Protcol is OSPF.

All IPSEC GRE Tunnel are terminating on the same Router, where the filter will be applied.

Can get some sample configuration.

New Member

Re: IPSEC GRE Tunnel

Any helpful input.

Re: IPSEC GRE Tunnel

Hi Saquib,

With GRE over IPSec tunnels, the Tunnel interface (like Tunnel0 in your example) is used to pass routing protocol updates and traffic.

The Tunnel interface is used very much the same way as a normal interface from routing protocol filtering or summarization point of view.

So do your route filtering as usual, except that filtering or summarization must be configured using the respective Tunnel interface when required by the command you use.

Cheers:

Istvan

New Member

Re: IPSEC GRE Tunnel

I am so far not able to search for sample configuration on filtering traffic with IPSEC GRE scenario.

Anyone aware of similar link.

Silver

Re: IPSEC GRE Tunnel

If your edge router is an Area Border Router and each tunnel is in a different OSPF area, you can filter type 3 LSAs between areas on the edge router using several techniques, the most flexible of which is the "area x filter-list prefix-name [in | out ]".

http://www.cisco.com/en/US/docs/ios/12_2t/12_2t11/feature/guide/ft11at3f.html

If the tunnels are not in distinct OSPF areas, you may want to use a different routing protocol, such as EIGRP, over the tunnels, where you could use distribute-lists on the edge router to filter traffic between the tunnels.

If you need to use OSPF over the WAN, you could set up the OSPF area associated with the WAN as a totally stubby area. Assuming the edge router is an ABR, it will advertise just a default route to the remote sites. The routes advertised to the edge router from the remote sites can be filtered with the "area x filter-list" before they enter the OSPF backbone.

HTH

975
Views
0
Helpful
6
Replies
CreatePlease to create content