- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- Re: GRE over IPSEC with one side having a dynamic ...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2015 03:13 AM - edited 10-19-2015 03:14 AM
10-19-2015 03:13 AM - edited 10-19-2015 03:14 AM
GRE over IPSEC with one side having a dynamic IP address
Hi,
I'm looking for a way to configure GRE over IPSEC with one side of the tunnel being a ADSL line with a dynamic IP address.
I successfully configured GRE over IPSEC with both sides having static IP addresses but if one side has a dynamic IP not sure what to use for a tunnel source / destination for the dynamic IP.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2015 04:34 AM
10-19-2015 04:34 AM
Re: GRE over IPSEC with one side having a dynamic IP address
Hi,
What I can advice you is to check attached TCG and try to combine GRE and IPsec P2MP setup.
I hadn't this case, but you can try. Probably, you will have to migrate to pure IPsec to achieve dyamic WAN IP address alocation. Also you didn't mention which platform you have (Comware 5 or 7)?
Two attached files are:
HP MSR Router GRE over IPSec TCG v1.3_Jan2014.pdf
IPsec P2MP setup with zero touch in hub.pdf
ZIP file: 1,6M
Br,
Michal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-19-2015 11:21 PM
10-19-2015 11:21 PM
Re: GRE over IPSEC with one side having a dynamic IP address
Hi Michal,
Thank you for your answer. The routers are brand new MSR routers (MSR3024 and MSR2003) with the latest software releases.
I saw the documents you sent but in the configurations they use the ip addresses of the public interfaces as endpoints but the problem is that one side will have a dynamic IP address so I can't use that information in the configuration.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-20-2015 01:18 AM
10-20-2015 01:18 AM
Re: GRE over IPSEC with one side having a dynamic IP address
The P2MP doc include IPsec solution dynamic IP without GRE, but I think there is only one part in your configuration to change:
Hub:
Create a keychain named key 1 and specify the pre-shared key. In this scenario, we create an open keychain with 1 password to any address. There could be more than 1 keychain with multiple passwords defined to address spaces.
ike keychain key1
pre-shared-key address 0.0.0.0 0.0.0.0 key simple password
At Spoke side, of course you need to provide static public IP for the HUB to setup the tunnel. I assume, on the Spoke/Remote site you have public IP but dynamically assigned by ISP (PPPoE).
Br,
Mike