multipe tunnels question

- J
- jogdial
  
  Contact options for registered users
posted
18 years ago

Thu, May 19, 2005 9:24 AM

Hi,

I'm running IPSEC tunnels to three sites from my cisco. One of the sites says they now need a GRE tunnel. I have one serial interface for my WAN and an ethernet interface for my internal network. There is a

2nd Ethernet interface for my DMZ.

I know nothing about GRE tunnels at this point, from configs I have looked at, it appears you setup another virtual interface or something. If I do this, will it be compatible with my current IPSEC tunnels which are configured for the Serial interface? Can I have both types of tunnels and are there any restrictions?

Thanks for your help

Loading thread data ...

- D
- Draschl Clemens
  
  Contact options for registered users
Vote on answer
posted
18 years ago

Thu, May 19, 2005 3:24 PM

GRE works with tunnel-interfaces (TunnelX). Just configure tunnel source, tunnel destination and an unnumbered interface. Make sure to allow the GRE-protocol pass your access-lists. I've configured some GRE-tunnels and they all work well. Nevertheless, GRE without encryption isn't a very good solution. Just modify the corresponding access-list to trigger on GRE-packets.

access-list 100 permit gre host x.x.x.x host y.y.y.y

And don't forget to apply the crypto map on the physical *and* the tunnel-interface. IPsec and GRE are working together perfectly, even if on the same interface. I only once had to "optimize" the max-mss.

\cd

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.