RE: Encapsulating IP/VPN traffic for VSAT

From: Daniel Cisco Group Study (danielcgs@imc.net.au)
Date: Thu Mar 06 2003 - 17:41:21 GMT-3

• Next message: Brian Dennis: "RE: Lab core topics ?"
• Previous message: Brian Dennis: "RE: Access-server problems"
• Maybe in reply to: George Louis: "Encapsulating IP/VPN traffic for VSAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

George,

Try something along the lines of this. This will give you IPSEC traffic over a GRE tunnel. All routers between the VPN peers will see GRE traffic only. You'll need to add relevant routing protocols / static routes to route traffic over the tunnel.

Daniel

R1:
crypto isakmp policy 1
 authentication pre-share
crypto isakmp key sharedkey address 150.100.50.42
!
!
crypto ipsec transform-set authe esp-des esp-sha-hmac
!
crypto map secure 10 ipsec-isakmp
 set peer 150.100.50.42
 set transform-set authe
 match address 100
!
!
interface Loopback0
 ip address 10.5.8.1 255.255.255.0
!
interface Tunnel0
 ip address 10.4.1.2 255.255.255.0
 tunnel source 160.200.77.122
 tunnel destination 150.100.50.42
 crypto map secure
!
!
!
interface serial0/0
 ip address 160.200.77.122 255.255.255.248
 crypto map secure
!
access-list 100 permit gre host 160.200.77.122 host 150.100.50.42

-----Original Message-----
From: George Louis [mailto:jlouis08@yahoo.com]
Sent: Friday, 7 March 2003 3:58 AM
To: Daniel Cisco Group Study
Subject: RE: Encapsulating IP/VPN traffic for VSAT

I don't believe they are blocking GRE. I'll see If I can do that. I'm
just unsure how to do that though. Usually I use GRE through IPSEC VPN
Tunnels. How would you get the IPSec to encapsulate and pass through the
GRE Tunnels.

-----Original Message-----
From: Daniel Cisco Group Study [mailto:danielcgs@imc.net.au]
Sent: Thursday, March 06, 2003 5:41 AM
To: George Louis; ccielab@groupstudy.com
Subject: RE: Encapsulating IP/VPN traffic for VSAT

How about tunneling the IPSEC traffic over a GRE tunnel? Do they block
GRE as well?

Daniel

-----Original Message-----
From: George Louis [mailto:jlouis08@yahoo.com]
Sent: Thursday, 6 March 2003 06:05
To: ccielab@groupstudy.com
Subject: Encapsulating IP/VPN traffic for VSAT

Does anyone know if there is a way to encapsulate IP in order to
establish VPN connections through VSAT connections that block forwarding
of IPSEC traffic?
 
The VSAT service provider does not allow IPSEC to pass through VSAT for
some reason and I can't get a tunnel established.

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************

**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************

• Next message: Brian Dennis: "RE: Lab core topics ?"
• Previous message: Brian Dennis: "RE: Access-server problems"
• Maybe in reply to: George Louis: "Encapsulating IP/VPN traffic for VSAT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:34 GMT-3