VPN between loopbacks - GRE

From: Kal Han (calikali2006@gmail.com)
Date: Sun Nov 26 2006 - 21:35:19 ART


Hi

I'm trying to configure a VPN between two loopback interfaces
for GRE traffic.
I set the tunnel source as the loopback interface
and applied my crypto map on the physical interface.
I am also using "crypto map loop local-address Loopback36"

In this case, my interesting traffic for the VPN is GRE
traffic from loopback to loopback.
*So why should I apply the crypto map on the physical interface?*
*Is it possible to apply the crypto map on the loopback interface*
*and bring the tunnel up?* It didn't work for me.

R3#sh access-li 193
Extended IP access list 193
    20 permit gre 103.103.103.0 0.0.0.255 106.106.106.0 0.0.0.255 (398 matches)

R3#sh run int t0
Building configuration...

Current configuration : 122 bytes
!
interface Tunnel0
 ip address 36.36.36.3 255.255.255.0
 tunnel source Loopback36
 tunnel destination 106.106.106.6
end

R3#sh run int lo36
Building configuration...

Current configuration : 68 bytes
!
interface Loopback36
 ip address 103.103.103.3 255.255.255.0
end

R3#sh run int s0/0.6
Building configuration...

Current configuration : 180 bytes
!
interface Serial0/0.6 point-to-point
 ip address 195.1.136.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 ntp broadcast key 1
 frame-relay interface-dlci 306
 crypto map loop
end

R3#sh run
Building configuration...

Current configuration : 3953 bytes
!
! Last configuration change at 16:24:20 PST Sun Nov 26 2006
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
logging queue-limit 100
!
enable use-tacacs
enable last-resort succeed
memory-size iomem 15
clock timezone PST -8
ip subnet-zero
!
!
no ip domain lookup
!
ip audit notify log
ip audit po max-events 100
!
!
!
crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key cciesec address 106.106.106.6
!
!
crypto ipsec transform-set ts esp-des esp-md5-hmac
!
crypto map loop local-address Loopback36
crypto map loop 10 ipsec-isakmp
 set peer 106.106.106.6
 set transform-set ts
 match address 193
!
no voice hpi capture buffer
no voice hpi capture destination
!
!
mta receive maximum-recipients 0
!
!
!
!
interface Loopback0
 ip address 33.33.33.33 255.255.255.0
!
interface Loopback36
 ip address 103.103.103.3 255.255.255.0
!
interface Loopback100
 ip address 100.3.3.3 255.255.255.0
!
interface Tunnel0
 ip address 36.36.36.3 255.255.255.0
 tunnel source Loopback36
 tunnel destination 106.106.106.6
!
interface FastEthernet0/0
 ip address 195.1.123.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 encapsulation frame-relay IETF
 frame-relay lmi-type cisco
!
interface Serial0/0.4 point-to-point
 ip address 195.1.134.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 frame-relay interface-dlci 304
!
interface Serial0/0.5 point-to-point
 ip address 195.1.135.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 frame-relay interface-dlci 305
!
interface Serial0/0.6 point-to-point
 ip address 195.1.136.3 255.255.255.0
 ip ospf message-digest-key 1 md5 cciesec
 ntp broadcast key 1
 frame-relay interface-dlci 306
 crypto map loop
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
router eigrp 123
 network 195.1.123.0
 distance eigrp 90 90
 no auto-summary
!
router eigrp 36
 network 36.36.36.0 0.0.0.255
 network 106.106.106.0 0.0.0.255
 distance eigrp 90 90
 no auto-summary
!
router ospf 1
 router-id 33.33.33.33
 log-adjacency-changes
 area 0 authentication message-digest
 area 4 authentication message-digest
 area 4 stub no-summary
 area 56 authentication message-digest
 area 56 nssa no-summary
 network 33.33.33.0 0.0.0.255 area 4
 network 103.103.103.0 0.0.0.255 area 56
 network 195.1.123.0 0.0.0.255 area 0
 network 195.1.134.0 0.0.0.255 area 4
 network 195.1.135.0 0.0.0.255 area 56
 network 195.1.136.0 0.0.0.255 area 56
!
router bgp 3
 no synchronization
 bgp log-neighbor-changes
 network 100.3.3.0 mask 255.255.255.0
 neighbor 195.1.134.4 remote-as 4
 neighbor 195.1.134.4 local-as 356
 neighbor 195.1.135.5 remote-as 5
 neighbor 195.1.135.5 maximum-prefix 1000 50
 neighbor 195.1.136.6 remote-as 6
 neighbor 195.1.136.6 route-map asprepend out
 no auto-summary
!
ip http server
no ip http secure-server
ip classless
!
!
!
ip prefix-list pix-inside seq 5 deny 172.16.0.0/16 le 32
!
access-list 1 permit 100.3.3.0 0.0.0.255
access-list 193 permit gre 103.103.103.0 0.0.0.255 106.106.106.0 0.0.0.255
!


