Need help with GRE over IPSec config

From: Minh Vuong (mvuong@cisco.com)
Date: Sun Sep 22 2002 - 03:15:41 GMT-3


Guys, need some help please with a GRE over IPSec problem. I think it's a
rather basic config, but for some reason I can't get it to work. So
another set of eyes would be appreciated...

R6 connects directly to R4 via token ring.

R6 CONFIG:
access-list 146 permit gre host 148.8.46.6 host 148.8.46.4 log
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key baby address 148.8.46.4
!
!
crypto ipsec transform-set GRE_SET esp-des esp-sha-hmac
!
crypto map GRE_MAP local-address TokenRing5/0
crypto map GRE_MAP 10 ipsec-isakmp
 set peer 148.8.46.4
 set transform-set GRE_SET
 match address 146
!
interface Tunnel46
 ip address 148.8.200.6 255.255.255.0
 tunnel source 148.8.46.6
 tunnel destination 148.8.46.4
 crypto map GRE_MAP
!
!
interface TokenRing5/0
 ip address 148.8.46.6 255.255.255.192
 ipx network 46
 ring-speed 4
 crypto map GRE_MAP
!

R4 CONFIG:
!
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key baby address 148.8.46.6
!
!
crypto ipsec transform-set GRE_SET esp-des esp-sha-hmac
!
crypto map GRE_MAP local-address TokenRing0/0
crypto map GRE_MAP 10 ipsec-isakmp
 set peer 148.8.46.6
 set transform-set GRE_SET
 match address 146
!
!
interface Tunnel46
 ip address 148.8.200.4 255.255.255.0
 tunnel source 148.8.46.4
 tunnel destination 148.8.46.6
 crypto map GRE_MAP
!
interface TokenRing0/0
 ip address 148.8.46.4 255.255.255.192
 ipx network 46
 ring-speed 4
 crypto map GRE_MAP
 source-bridge 300 1 1000

On R4, I get the following error messages:
14:19:33: %SEC-6-IPACCESSLOGRP: list 146 permitted gre 148.8.46.4 -> 148.8.46.6, 60 packets
14:19:33: IPSEC(encapsulate): invalid conn id 0
14:19:33: IPSEC(encapsulate): error in encapsulation crypto_ip_encrypt
14:20:33: IPSEC(encapsulate): invalid conn id 0
14:20:33: IPSEC(encapsulate): error in encapsulation crypto_ip_encrypt

OSPF neighborship would never establish:
R4#sh ip ospf nei

Neighbor ID     Pri   State      Dead Time   Address        Interface
148.8.5.5         1   FULL/DR    00:01:53    148.8.245.5    Serial0/0
148.8.6.6         1   INIT/ -    00:00:31    148.8.200.6    Tunnel46

Thanks,

Minh



This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:43:59 GMT-3