From: Jason Graun (jgraun@comcast.net)
Date: Mon Mar 01 2004 - 04:27:32 GMT-3
This isn't a bug; it is by design.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michael Snyder
Sent: Saturday, February 28, 2004 8:48 PM
To: ccielab@groupstudy.com
Subject: GRE traffic via IPSEC SA (Cisco still hasn't fixed this?)
I remember doing this on IOS 12.0
They still haven't fixed it?
R1
Crypto Map "bb3" 10 ipsec-isakmp
Peer = 136.10.9.9
Extended IP access list 101
access-list 101 permit gre any any
Current peer: 136.10.9.9
Security association lifetime: 4608000 kilobytes/1000 seconds
PFS (Y/N): Y
DH group: group2
Transform sets={ michael, }
Interfaces using crypto map bb3:
Serial0
Tunnel0
R9
Crypto Map "bb1" 10 ipsec-isakmp
Peer = 136.10.1.1
Extended IP access list 101
access-list 101 permit gre any any
Current peer: 136.10.1.1
Security association lifetime: 4608000 kilobytes/1000 seconds
PFS (Y/N): Y
DH group: group2
Transform sets={ michael, }
Interfaces using crypto map bb1:
Serial0
Tunnel0
R1#st s0
Building configuration...
Current configuration : 199 bytes
!
interface Serial0
ip address 136.10.12.1 255.255.255.0
ip pim sparse-dense-mode
no fair-queue
service-module 56k clock source internal
service-module 56k network-type dds
crypto map bb3
end
R1#st tu0
Building configuration...
Current configuration : 139 bytes
!
interface Tunnel0
ip address 192.168.100.2 255.255.255.252
tunnel source Loopback0
tunnel destination 136.10.9.9
crypto map bb3
end
R1#
I had to apply a crypto map that only encrypts GRE traffic inside my
tunnel interface to get my GRE tunnel working!
Come on, if that's not circle logic, I don't know what would be.