From: Justin Menga (Justin.Menga@xxxxxxxxxxxxxxxxxx)
Date: Mon May 28 2001 - 09:34:17 GMT-3
Hi,
Hmm - haven't tried encapsulating IPSec in a GRE tunnel - if you want to
encapsulate GRE in an IPSec tunnel:
1. Remove 'crypto map test local-address Tunnel0'
2. Your access-list should be:
R6: access-list 150 permit ip host 64.108.9.2 host 64.108.1.34
R8: the reverse of R6
However I will try what you are doing...however I think the crypto process
invocation may not work with this.
Regards,
Justin Menga CCIE #6640 CCNP+Voice CCDP MCSE+I CCSE
WAN Specialist
Computerland New Zealand
PO Box 3631, Auckland
DDI: (+64) 9 360 4864 Mobile: (+64) 25 349 599
mailto: justin.menga@computerland.co.nz
web: http://www.computerland.co.nz
CAUTION: This e-mail message and accompanying data may contain
information that is confidential and subject to privilege. If you are
not the intended recipient, you are notified that any use,
dissemination, distribution or copying of this message or data is
prohibited. If you have received this e-mail in error, please notify me
immediately and delete all material pertaining to this e-mail. Thank
you.
-----Original Message-----
From: garry baker [mailto:fallow46@yahoo.com]
Sent: Monday, May 28, 2001 5:16 PM
To: ccielab@groupstudy.com
Subject: help!! ipsec tunnel
Guys,
i am trying to get a ipsec to work over a gre tunnel,
the tunnel works fine but when i add the ipsec i am
unable to ping the other end of the tunnel. all i am
trying to achieve is to be able to ping the other end
of the tunnel. i went through the post from last week
that was similar but still could not fix my problem.
i have three routers connected with the outer two
acting as the tunnel endpoints. i have pasted the
relevant config details. could someone point me in the
right direction?
Garry
r6
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 123456 address 64.108.4.9
crypto isakmp key 12345 address 64.108.68.8
crypto map test local-address Tunnel0
crypto map test 10 ipsec-isakmp
set peer 64.180.68.8
set transform-set test
match address 150
!
interface Tunnel0
ip address 64.108.68.6 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
tunnel source 64.108.9.2
tunnel destination 64.108.1.34
crypto map test
interface Serial0/1
ip address 64.108.9.2 255.255.255.240
no ip directed-broadcast
ip pim sparse-mode
encapsulation ppp
ip ospf interface-retry 0
ip igmp join-group 226.10.10.1
ip igmp join-group 226.1.1.10
crypto map test
access-list 150 permit ip host 64.108.68.6 host
64.108.68.8
r8
crypto isakmp policy 1
authentication pre-share
crypto isakmp key 12345 address 64.108.68.6
!
!
crypto ipsec transform-set test esp-des
!
!
crypto map test local-address Tunnel0
crypto map test 10 ipsec-isakmp
set peer 64.108.68.6
set transform-set test
match address 150
interface Tunnel0
ip address 64.108.68.8 255.255.255.0
no ip directed-broadcast
no ip route-cache
no ip mroute-cache
tunnel source 64.108.1.34
tunnel destination 64.108.9.2
crypto map test
!
interface Ethernet0/0
ip address 64.108.1.34 255.255.255.224
no ip directed-broadcast
ip pim sparse-mode
crypto map test
access-list 150 permit ip host 64.108.68.8 host
64.108.68.6
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:55 GMT-3