- Community Home
- >
- Networking
- >
- Switching and Routing
- >
- Comware Based
- >
- GRE over IPSEC with one side having a dynamic IP a...
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-19-2015 03:13 AM - edited 10-19-2015 03:14 AM
10-19-2015 03:13 AM - edited 10-19-2015 03:14 AM
GRE over IPSEC with one side having a dynamic IP address
Hi,
I'm looking for a way to configure GRE over IPSEC with one side of the tunnel being a ADSL line with a dynamic IP address.
I successfully configured GRE over IPSEC with both sides having static IP addresses but if one side has a dynamic IP not sure what to use for a tunnel source / destination for the dynamic IP.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-19-2015 04:34 AM
10-19-2015 04:34 AM
Re: GRE over IPSEC with one side having a dynamic IP address
Hi,
What I can advice you is to check attached TCG and try to combine GRE and IPsec P2MP setup.
I hadn't this case, but you can try. Probably, you will have to migrate to pure IPsec to achieve dyamic WAN IP address alocation. Also you didn't mention which platform you have (Comware 5 or 7)?
Two attached files are:
HP MSR Router GRE over IPSec TCG v1.3_Jan2014.pdf
IPsec P2MP setup with zero touch in hub.pdf
ZIP file: 1,6M
Br,
Michal
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-19-2015 11:21 PM
10-19-2015 11:21 PM
Re: GRE over IPSEC with one side having a dynamic IP address
Hi Michal,
Thank you for your answer. The routers are brand new MSR routers (MSR3024 and MSR2003) with the latest software releases.
I saw the documents you sent but in the configurations they use the ip addresses of the public interfaces as endpoints but the problem is that one side will have a dynamic IP address so I can't use that information in the configuration.
Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-20-2015 01:18 AM
10-20-2015 01:18 AM
Re: GRE over IPSEC with one side having a dynamic IP address
The P2MP doc include IPsec solution dynamic IP without GRE, but I think there is only one part in your configuration to change:
Hub:
Create a keychain named key 1 and specify the pre-shared key. In this scenario, we create an open keychain with 1 password to any address. There could be more than 1 keychain with multiple passwords defined to address spaces.
ike keychain key1
pre-shared-key address 0.0.0.0 0.0.0.0 key simple password
At Spoke side, of course you need to provide static public IP for the HUB to setup the tunnel. I assume, on the Spoke/Remote site you have public IP but dynamically assigned by ISP (PPPoE).
Br,
Mike
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP