IPSEC over GRE Tunnel

From: Scott Stoddard (sstoddard@xxxxxxxx)
Date: Thu Apr 25 2002 - 21:47:29 GMT-3


   
Hi all, does anyone see anything I am doing wrong in my configs below? I am
trying to do IPSEC over a tunnel. My configs match examples off of CCO, but I
cannot ping across the tunnel. If I remove the tunnel config, the IPSEC part
works great. Is there something I am missing over a tunnel? I am sourcing my
pings from the loopback with a default out the tunnel interface. Thanks!

hostname R6a
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 192.168.0.2
!
crypto ipsec transform-set peekaboo esp-des esp-sha-hmac
 mode transport
!
crypto map doit local-address Serial0
crypto map doit 10 ipsec-isakmp
 set peer 192.168.0.2
 set transform-set peekaboo
 match address 100
!
interface Loopback1
 ip address 150.150.150.150 255.255.255.0
 no ip directed-broadcast
!
interface Tunnel0
 ip address 10.1.1.1 255.255.255.0
 no ip directed-broadcast
 tunnel source 192.168.0.1
 tunnel destination 192.168.0.2
 crypto map doit
!
interface Serial0
 ip address 192.168.0.1 255.255.255.0
 clockrate 64000
 crypto map doit
!
ip route 0.0.0.0 0.0.0.0 Tunnel0
!
access-list 100 permit gre any any
access-list 100 permit icmp any any
access-list 100 permit ip any any
----------------------------------
hostname R8
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key cisco address 192.168.0.1
!
crypto ipsec transform-set peekaboo esp-des esp-sha-hmac
 mode transport
!
crypto map doit local-address Serial1
crypto map doit 10 ipsec-isakmp
 set peer 192.168.0.1
 set transform-set peekaboo
 match address 100
!
interface Loopback1
 ip address 200.200.200.200 255.255.255.0
 no ip directed-broadcast
!
interface Tunnel0
 ip address 10.1.1.2 255.255.255.0
 no ip directed-broadcast
 tunnel source 192.168.0.2
 tunnel destination 192.168.0.1
 crypto map doit
!
interface Serial1
 ip address 192.168.0.2 255.255.255.0
 crypto map doit
!
ip route 0.0.0.0 0.0.0.0 Tunnel0
!
access-list 100 permit ip any any
access-list 100 permit icmp any any
access-list 100 permit gre any any


