Do CISCO 515E firewalls support GRE tunneling?

Hello, I'm working on establishing a GRE tunnel via a PIX 515. Is GRE tunneling supported?

Jack :)

Reply to
naminori

Walter, It's a static 1-to-1 NAT. Can you tell me what the conduits would be to permit this?

Reply to
naminori

In article , naminori wrote:
:I'm working on establishing a GRE tunnel via a PIX 515. Is GRE
:tunneling supported?

More No than Yes.

Yes in that PPTP uses GRE.

No in that for PIX thru 6.x, there is no way to explicitly configure GRE with the PIX as the endpoint. [I don't know about PIX 7.0; I don't recall seeing GRE mentioned for it.]

Like any other IP protocol, GRE can traverse -through- the PIX, if you have static 1-to-1 NAT.

Reply to
Walter Roberson

In article , naminori wrote:
:It's a static 1-to-1 NAT. Can you tell me what the conduits would be to
:permit this?

Sorry, no, I don't do conduits. Conduits were superseded starting in PIX 5.2(1) or so, which was a number of years ago. Cisco has been saying since 5.3(2) that they are not certain to work properly anymore. The considerable NAT rewrite for PIX 6.2 in particular introduced known incompatibilities with conduits that will never be fixed. Conduits are not supported at all in PIX 7.0.

If you want to pass GRE -through- a PIX 5.2 thru 6.x, then you would use something like:

access-list out2in permit gre SOURCENET SOURCEMASK host NATOUTSIDEIP
access-group out2in in interface outside
static (inside,outside) NATOUTSIDEIP NATINSIDEIP netmask 255.255.255.255

for example,

access-list out2in permit gre any host 123.45.67.89
access-group out2in in interface outside
static (inside,outside) 123.45.67.89 192.168.49.15 netmask 255.255.255.255

Reply to
Walter Roberson
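
The three statements in the reply above only work together: the ACL must permit GRE to a host address, that ACL must be bound with access-group, and the host address must have a static 1-to-1 NAT. The following consistency check is an added example, not part of the thread or of any Cisco tool; the function name `audit_gre`, the finding texts and the sample conduit line are constructed for illustration.

```python
import re

# Constructed sample: the thread's example lines plus one legacy conduit line.
SAMPLE = """\
access-list out2in permit gre any host 123.45.67.89
access-group out2in in interface outside
static (inside,outside) 123.45.67.89 192.168.49.15 netmask 255.255.255.255
conduit permit gre host 123.45.67.89 any
"""

ADDR = r"(any|host \S+|\S+ \S+)"   # "any", "host IP", or "NET MASK"
ACL = re.compile(rf"access-list (\S+) permit gre {ADDR} {ADDR}$")
GROUP = re.compile(r"access-group (\S+) in interface (\S+)$")
STATIC = re.compile(r"static \((\S+),(\S+)\) (\S+) (\S+) netmask (\S+)$")

def audit_gre(config):
    """Return (passthroughs, findings) for GRE rules in a PIX 5.2-6.x config."""
    rules, bound, statics, findings = [], {}, {}, []
    # Pass 1: collect statements, since they may appear in any order.
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("conduit "):
            findings.append(f"legacy conduit, replace with access-list: {line}")
        elif m := ACL.match(line):
            rules.append(m.groups())                     # (acl name, source, dest)
        elif m := GROUP.match(line):
            bound[m.group(1)] = m.group(2)               # acl name -> interface
        elif m := STATIC.match(line):
            statics[m.group(3)] = (m.group(4), m.group(5))  # outside -> (inside, mask)
    # Pass 2: correlate each GRE permit with its access-group and static.
    passthroughs = []
    for name, src, dst in rules:
        if name not in bound:
            findings.append(f"ACL {name} permits GRE but is not bound by access-group")
            continue
        outside_ip = dst[5:] if dst.startswith("host ") else None
        inside_ip, mask = statics.get(outside_ip, (None, None))
        if mask != "255.255.255.255":
            findings.append(f"GRE permitted to {dst} without a static 1-to-1 NAT")
            continue
        if src == "any":
            findings.append(f"GRE to {outside_ip} open to any source; name the peer")
        passthroughs.append((src, outside_ip, inside_ip, bound[name]))
    return passthroughs, findings

if __name__ == "__main__":
    ok, issues = audit_gre(SAMPLE)
    print(ok)
    print(*issues, sep="\n")
```

Replacing `any` with the SOURCENET SOURCEMASK form from the general template clears the last finding.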
