GRE over IPSEC with one side having a dynamic IP address
Hi,
I'm looking for a way to configure GRE over IPSEC with one side of the tunnel being a ADSL line with a dynamic IP address.
I successfully configured GRE over IPSEC with both sides having static IP addresses but if one side has a dynamic IP not sure what to use for a tunnel source / destination for the dynamic IP.
Re: GRE over IPSEC with one side having a dynamic IP address
Hi,
What I can advice you is to check attached TCG and try to combine GRE and IPsec P2MP setup.
I hadn't this case, but you can try. Probably, you will have to migrate to pure IPsec to achieve dyamic WAN IP address alocation. Also you didn't mention which platform you have (Comware 5 or 7)?
Re: GRE over IPSEC with one side having a dynamic IP address
Hi Michal,
Thank you for your answer. The routers are brand new MSR routers (MSR3024 and MSR2003) with the latest software releases.
I saw the documents you sent but in the configurations they use the ip addresses of the public interfaces as endpoints but the problem is that one side will have a dynamic IP address so I can't use that information in the configuration.
Re: GRE over IPSEC with one side having a dynamic IP address
The P2MP doc include IPsec solution dynamic IP without GRE, but I think there is only one part in your configuration to change:
Hub:
Create a keychain named key 1 and specify the pre-shared key. In this scenario, we create an open keychain with 1 password to any address. There could be more than 1 keychain with multiple passwords defined to address spaces.
ike keychain key1 pre-shared-key address 0.0.0.0 0.0.0.0 key simple password
At Spoke side, of course you need to provide static public IP for the HUB to setup the tunnel. I assume, on the Spoke/Remote site you have public IP but dynamically assigned by ISP (PPPoE).
