Switching and Routing
cancel
Showing results for 
Search instead for 
Did you mean: 

GRE over IPSec

kocrypto
Occasional Contributor

GRE over IPSec

I would like to know about some issue in GRE over IPsec.I configured one point to point GRE over IPsec tunnel.I would like to know if i want to configure other GRE tunnel to HUB without using IPsec,can i use this gre tunnel without encryption ? IPSec profile will drop new gre traffic (no used encryption) ?

 HUB router's outside interface only accepts encrypted traffic and IPSec profile applied in current router external interface so all the traffic coming in must match current IPSec profile.

Please see for example configuration

Eg. In hub router 

 

interface GigabitEthernet0/0/1 
ip address 10.10.10.1 255.255.255.0 
ipsec apply policy test

 

interface Tunnel1 mode gre 
mtu 1560 
ip address 1.1.1.1 255.255.255.254 
source 10.10.10.1 
destination 10.10.10.2 
keepalive 3 3

 

ip route-static 1.1.1.2 32 10.10.10.2

acl number 3200 
rule 0 permit ip source 1.1.1.1 0 destination 1.1.1.2 0 
rule 20 permit gre source 10.10.10.1 0 destination 10.10.10.2 0

ipsec policy test 1 isakmp 
transform-set trans1 
security acl 3200 
remote-address 10.10.10.2 
ike-profile 1
!
ike profile 1 
certificate domain test1 
local-identity address 10.10.10.1 
match remote identity address 10.10.10.2 255.255.255.255 
proposal 1

1 REPLY
kocrypto
Occasional Contributor

Re: GRE over IPSec

Dear all,

Let me know above configuration is IPSec or GRE over IPSec ?