GroupStudy.com GroupStudy.com - A virtual community of network engineers
 Home  BookStore  StudyNotes  Links  Archives  StudyRooms  HelpWanted  Discounts  Login
RE: IPsec problem posted 11/16/2000
[Chronological Index] [Thread Index] [Top] [Date Prev][Date Next] [Thread Prev][Thread Next]


I gather you have the peers of the GRE as loopbacks or physicals and the IPsec peers attached to the GRE tunnel interface addresses?
 
Just have the crypto maps on the GRE tunnel.
 
 
Can you send configs?
-----Original Message-----
From: Rob Barton [mailto:robbarto@xxxxxxxxx]
Sent: Thursday, November 16, 2000 6:46 AM
To: Simon Baxter
Cc: Ccielab
Subject: RE: IPsec problem

I am running IPsec over a GRE tunnel.
 
Still no luck.
 
- Rob.

 

Rob Barton,
Systems Engineer
Cisco Systems Canada Co.

Voice: 604-647-2335
Fax: 604-647-2399
Cell: 604-838-9113
Pager: 1-800-68-CISCO
robbarto@xxxxxxxxx

 

 

 

-----Original Message-----
From: Simon Baxter [mailto:Simon.Baxter@xxxxxxxxxxxxxx]
Sent: Wednesday, November 15, 2000 3:35 PM
To: Rob Barton; Ccielab
Subject: RE: IPsec problem

Are you encrypting a GRE tunnel over IPsec or running an IPsec tunnel over a GRE tunnel?
 
A colleague of mine had a problem yesterday where he was trying to GRE tunnel over an IPsec VPN.  He had to do this because there seems to be a problem with passing of IP broadcast traffic over an IPsec tunnel.
 
The problem he had was because he was attaching the IPsec peers to loopback interfaces and also attaching the GRE tunnel peers to the same loopback interfaces.
 
I don't know if this helps you at all??
 
 
Simon
-----Original Message-----
From: Rob Barton [mailto:robbarto@xxxxxxxxx]
Sent: Thursday, November 16, 2000 5:55 AM
To: Ccielab
Subject: IPsec problem

I am trying to encrypt an IPsec session over a GRE tunnle.  As stated many times on this list, it is necessary to have the crypto map statement on both the tunnle and physical interfaces to make this work.  My problem is that I want to make the source and destination interfaces of my GRE tunnel to be the loopback addresses of the routers that are running ipsec, but so far it doesn't work.  Do I have to attach the cyrpto map statement to the tunnel, loopback, and physical interface here?  Has anybody successfully done this?
 
Thanks.

 

Rob Barton,
Systems Engineer
Cisco Systems Canada Co.

Voice: 604-647-2335
Fax: 604-647-2399
Cell: 604-838-9113
Pager: 1-800-68-CISCO
robbarto@xxxxxxxxx